[jboss-jira] [JBoss JIRA] (ELY-1481) Coverity, Explicit null dereferenced in FileSystemSecurityRealm

Ilia Vassilev (JIRA) issues at jboss.org
Tue Apr 17 09:14:00 EDT 2018 

     [ https://issues.jboss.org/browse/ELY-1481?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ilia Vassilev closed ELY-1481.
------------------------------
    Release Notes Text: Duplicate of ELY-1480
            Resolution: Duplicate Issue


> Coverity, Explicit null dereferenced in FileSystemSecurityRealm
> ---------------------------------------------------------------
>
>                 Key: ELY-1481
>                 URL: https://issues.jboss.org/browse/ELY-1481
>             Project: WildFly Elytron
>          Issue Type: Bug
>          Components: Authentication Client
>    Affects Versions: 1.2.0.Beta11
>            Reporter: Martin Choma
>            Assignee: Ilia Vassilev
>
> There are 2 occurences of call to PasswordFactory.getInstance(algorithm) in FileSystemSecurityRealm where algorithm can be null, because algorithm is optional in wildfly-config.xml
> {code:xml|title=elytron-1_0_1.xsd}
>     <xsd:complexType name="credential-type">
>         <xsd:simpleContent>
>             <xsd:extension base="xsd:string">
>                 <xsd:attribute name="algorithm" type="xsd:string" use="optional"/>
>                 <xsd:attribute name="format" type="xsd:string" use="optional"/>
>             </xsd:extension>
>         </xsd:simpleContent>
>     </xsd:complexType>
>     <xsd:complexType name="otp-credential-type">
>         <xsd:simpleContent>
>             <xsd:extension base="xsd:string">
>                 <xsd:attribute name="algorithm" type="xsd:string" use="optional"/>
>                 <xsd:attribute name="hash" type="xsd:string" use="optional"/>
>                 <xsd:attribute name="seed" type="xsd:string" use="optional"/>
>                 <xsd:attribute name="sequence" type="xsd:string" use="optional"/>
>             </xsd:extension>
>         </xsd:simpleContent>
>     </xsd:complexType>
> {code}
> Algorithm is dereferenced in PasswordFactory.getInstance(algorithm) down in 
> {code:java|title=java.security.Provider$ServiceKey.java}
>         private ServiceKey(String type, String algorithm, boolean intern) {
>             this.type = type;
>             this.originalAlgorithm = algorithm;
>             algorithm = algorithm.toUpperCase(ENGLISH);
>             this.algorithm = intern ? algorithm.intern() : algorithm;
>         }
> {code}
> [1] https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=44847809&defectInstanceId=9457601&mergedDefectId=1463442
> [2] https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=44847809&defectInstanceId=9457602&mergedDefectId=1463441



--
This message was sent by Atlassian JIRA
(v7.5.0#75005)

More information about the jboss-jira mailing list