[jboss-jira] [JBoss JIRA] (ELY-1235) Coverity, Dereference null return value, JdbcSecurityRealm (Elytron)
Martin Choma (JIRA)
issues at jboss.org
Thu Jun 8 05:47:00 EDT 2017
Martin Choma created ELY-1235:
---------------------------------
Summary: Coverity, Dereference null return value, JdbcSecurityRealm (Elytron)
Key: ELY-1235
URL: https://issues.jboss.org/browse/ELY-1235
Project: WildFly Elytron
Issue Type: Bug
Reporter: Martin Choma
Assignee: Darran Lofthouse
Priority: Critical
Coverity found possible dereference of null.
executePrincipalQuery() can return {{null}} and {{credential.matches()}} is called without check
{code:java|title=JdbcSecurityRealm.java}
@Override
156 public <C extends Credential> C getCredential(final Class<C> credentialType, final String algorithmName, final AlgorithmParameterSpec parameterSpec) throws RealmUnavailableException {
157 Assert.checkNotNullParam("credentialType", credentialType);
158 for (QueryConfiguration configuration : JdbcSecurityRealm.this.queryConfiguration) {
159 for (KeyMapper keyMapper : configuration.getColumnMappers(KeyMapper.class)) {
160 if (keyMapper.getCredentialAcquireSupport(credentialType, algorithmName, parameterSpec).mayBeSupported()) {
161 final Credential credential = executePrincipalQuery(configuration, r -> keyMapper.map(r, providers));
162 if (credential.matches(credentialType, algorithmName, parameterSpec)) {
163 return credentialType.cast(credential);
164 }
165 }
166 }
167 }
168
169 return null;
170 }
{code}
https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=22329013&defectInstanceId=5071812&mergedDefectId=1440468
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list