Uploaded image for project: 'WildFly Elytron'
  1. WildFly Elytron
  2. ELY-1050

Coverity, derefere null return value in KeyStoreCredentialStore.saveSecretKey

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Critical Critical
    • 1.1.0.Beta38
    • None
    • None
    • None

      Coverity found possible null dereference, as encrypt.getIV() could return null in cases when option cryptoAlg is configured to some algorithm, which does not use IV.

      https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=12563831&defectInstanceId=2991544&mergedDefectId=1422739

      KeyStoreCredentialStore.java
              private void saveSecretKey(String ksAlias, ObjectOutputStream oos, KeyStore.SecretKeyEntry entry) throws IOException, GeneralSecurityException {
                  ByteArrayOutputStream entryData = new ByteArrayOutputStream(1024);
                  ObjectOutputStream entryOos = new ObjectOutputStream(entryData);
                  entryOos.writeUTF(ksAlias);
                  writeBytes(entry.getSecretKey().getEncoded(), entryOos);
                  entryOos.flush();
      
                  encrypt.init(Cipher.ENCRYPT_MODE, storageSecretKey);
                  int blockSize = encrypt.getBlockSize();
                  Assert.checkMaximumParameter("cipher block size", 256, blockSize);
                  byte[] padded = pkcs7Pad(entryData.toByteArray(), blockSize);
      
                  byte[] encrypted = encrypt.doFinal(padded);
                  byte[] iv = encrypt.getIV();
      
                  oos.writeInt(SECRET_KEY_ENTRY_TYPE);
                  writeBytes(encrypted, oos);
                  writeBytes(iv, oos);
              }
      

              rhn-support-ivassile Ilia Vassilev
              mchoma@redhat.com Martin Choma
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: