[jboss-jira] [JBoss JIRA] (ELY-1481) Coverity, Explicit null dereferenced in FileSystemSecurityRealm

Martin Choma (JIRA) issues at jboss.org
Thu Jan 4 03:54:00 EST 2018


Martin Choma created ELY-1481:
---------------------------------

             Summary: Coverity, Explicit null dereferenced in FileSystemSecurityRealm
                 Key: ELY-1481
                 URL: https://issues.jboss.org/browse/ELY-1481
             Project: WildFly Elytron
          Issue Type: Bug
          Components: Authentication Client
    Affects Versions: 1.2.0.Beta11
            Reporter: Martin Choma


There are 2 occurrences of a call to PasswordFactory.getInstance(algorithm) in FileSystemSecurityRealm where algorithm can be null, because algorithm is optional in wildfly-config.xml.

{code:xml|title=elytron-1_0_1.xsd}
    <xsd:complexType name="credential-type">
        <xsd:simpleContent>
            <xsd:extension base="xsd:string">
                <xsd:attribute name="algorithm" type="xsd:string" use="optional"/>
                <xsd:attribute name="format" type="xsd:string" use="optional"/>
            </xsd:extension>
        </xsd:simpleContent>
    </xsd:complexType>

    <xsd:complexType name="otp-credential-type">
        <xsd:simpleContent>
            <xsd:extension base="xsd:string">
                <xsd:attribute name="algorithm" type="xsd:string" use="optional"/>
                <xsd:attribute name="hash" type="xsd:string" use="optional"/>
                <xsd:attribute name="seed" type="xsd:string" use="optional"/>
                <xsd:attribute name="sequence" type="xsd:string" use="optional"/>
            </xsd:extension>
        </xsd:simpleContent>
    </xsd:complexType>
{code}

Algorithm is dereferenced in PasswordFactory.getInstance(algorithm) down in 
{code:java|title=java.security.Provider$ServiceKey.java}
        private ServiceKey(String type, String algorithm, boolean intern) {
            this.type = type;
            this.originalAlgorithm = algorithm;
            algorithm = algorithm.toUpperCase(ENGLISH);
            this.algorithm = intern ? algorithm.intern() : algorithm;
        }
{code}

[1] https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=44847809&defectInstanceId=9457601&mergedDefectId=1463442
[2] https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=44847809&defectInstanceId=9457602&mergedDefectId=1463441




--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
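
A guard for the condition reported above, as an added example (not Elytron code and not part of the original message): the optional attribute is read with StAX, which returns null when it is absent, and is rejected before it reaches `Provider.getService`. The class and method names, the `credential` element name and the sample documents are constructed for illustration, and the JDK's `MessageDigest` service type stands in for Elytron's `PasswordFactory`.

```java
import java.io.StringReader;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;

public class OptionalAlgorithmCheck {

    // Hypothetical helper: read the optional "algorithm" attribute of the first element.
    static String readAlgorithm(String xml) throws XMLStreamException {
        XMLInputFactory factory = XMLInputFactory.newFactory();
        factory.setProperty(XMLInputFactory.SUPPORT_DTD, false); // no DTDs in config input
        XMLStreamReader reader = factory.createXMLStreamReader(new StringReader(xml));
        while (reader.hasNext()) {
            if (reader.next() == XMLStreamConstants.START_ELEMENT) {
                // Returns null when the attribute is absent (use="optional" in the XSD).
                return reader.getAttributeValue(null, "algorithm");
            }
        }
        return null;
    }

    // Guarded lookup: a missing algorithm becomes a checked configuration error
    // instead of a NullPointerException inside the provider lookup.
    static Provider.Service lookup(String type, String algorithm) throws NoSuchAlgorithmException {
        if (algorithm == null || algorithm.isEmpty()) {
            throw new NoSuchAlgorithmException("credential has no 'algorithm' attribute");
        }
        for (Provider provider : Security.getProviders()) {
            Provider.Service service = provider.getService(type, algorithm);
            if (service != null) {
                return service;
            }
        }
        throw new NoSuchAlgorithmException(type + " algorithm not available: " + algorithm);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: one credential with the attribute, one without.
        String[] samples = {
            "<credential algorithm=\"SHA-256\">c2VjcmV0</credential>",
            "<credential format=\"base64\">c2VjcmV0</credential>"
        };
        for (String xml : samples) {
            String algorithm = readAlgorithm(xml);
            try {
                System.out.println(algorithm + " -> " + lookup("MessageDigest", algorithm).getClassName());
            } catch (NoSuchAlgorithmException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```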

