- Bug
- Resolution: Done
- Critical
Coverity found a possible null dereference: encrypt.getIV() can return null when the cryptoAlg option is configured with an algorithm that does not use an IV.
KeyStoreCredentialStore.java
    private void saveSecretKey(String ksAlias, ObjectOutputStream oos, KeyStore.SecretKeyEntry entry)
            throws IOException, GeneralSecurityException {
        ByteArrayOutputStream entryData = new ByteArrayOutputStream(1024);
        ObjectOutputStream entryOos = new ObjectOutputStream(entryData);
        entryOos.writeUTF(ksAlias);
        writeBytes(entry.getSecretKey().getEncoded(), entryOos);
        entryOos.flush();
        encrypt.init(Cipher.ENCRYPT_MODE, storageSecretKey);
        int blockSize = encrypt.getBlockSize();
        Assert.checkMaximumParameter("cipher block size", 256, blockSize);
        byte[] padded = pkcs7Pad(entryData.toByteArray(), blockSize);
        byte[] encrypted = encrypt.doFinal(padded);
        byte[] iv = encrypt.getIV();
        oos.writeInt(SECRET_KEY_ENTRY_TYPE);
        writeBytes(encrypted, oos);
        writeBytes(iv, oos);
    }
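The condition Coverity flagged, reproduced as an added example that is not the project's code or its fix: the same init/doFinal/getIV sequence yields an IV for a CBC transformation and null for an ECB one, and a null-tolerant write keeps serialization from dereferencing it. The class name `IvNullCheckDemo`, the helper `writeBytesNullSafe`, the two AES transformations, the zero-length encoding of a missing IV and the all-zero key are assumptions made for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectOutputStream;
import java.security.GeneralSecurityException;

public class IvNullCheckDemo {

    // Hypothetical helper: length-prefixed write that encodes an absent array as length 0.
    static void writeBytesNullSafe(byte[] bytes, ObjectOutputStream oos) throws IOException {
        if (bytes == null) {
            oos.writeInt(0);
            return;
        }
        oos.writeInt(bytes.length);
        oos.write(bytes);
    }

    // Encrypts one block-aligned buffer, then serializes the ciphertext followed by the IV.
    static byte[] encryptAndSerialize(String transformation, SecretKeySpec key, byte[] padded)
            throws IOException, GeneralSecurityException {
        Cipher encrypt = Cipher.getInstance(transformation);
        encrypt.init(Cipher.ENCRYPT_MODE, key);
        byte[] encrypted = encrypt.doFinal(padded);
        byte[] iv = encrypt.getIV(); // null when the transformation uses no IV
        System.out.println(transformation + " -> IV "
                + (iv == null ? "null" : iv.length + " bytes"));

        ByteArrayOutputStream out = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(out)) {
            writeBytesNullSafe(encrypted, oos);
            writeBytesNullSafe(iv, oos); // safe for both transformations
        }
        return out.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        SecretKeySpec key = new SecretKeySpec(new byte[16], "AES"); // constructed all-zero demo key
        byte[] padded = new byte[32];                                // constructed, already block-aligned
        encryptAndSerialize("AES/CBC/NoPadding", key, padded);      // provider generates a 16-byte IV
        encryptAndSerialize("AES/ECB/NoPadding", key, padded);      // getIV() returns null
    }
}
```

Any reader of the stored entry has to apply the matching rule, here treating a zero-length IV field as "initialize the cipher without an IV parameter".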
- clones: JBEAP-10077 Coverity, dereference null return value in KeyStoreCredentialStore.saveSecretKey (Closed)