Uploaded image for project: 'WildFly Elytron'
  1. WildFly Elytron
  2. ELY-1195

Coverity, Dereference after null check in KeyStoreCredentialStore (Elytron)

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Critical Critical
    • 1.1.0.Beta49
    • None
    • None
    • None

      dataLocation is dereferenced, although it is checked on null before (could be null).

      Setting Critical priority as that can cover root cause of real problem with NPE.

      KeyStoreCredentialStore.java
      try {
    if (dataLocation != null && Files.exists(dataLocation)) {
        char[] password = getStorePassword(protectionParameter);
        try (InputStream fileStream = Files.newInputStream(dataLocation)) {
            if (useExternalStorage) {
                externalStorage.load(fileStream);
            } else {
                keyStore.load(fileStream, password);
            }
        }
        enumeration = keyStore.aliases();
    } else {
        keyStore.load(null, null);
        enumeration = Collections.emptyEnumeration();
    }
} catch (GeneralSecurityException e) {
    throw log.cannotInitializeCredentialStore(
            log.internalEncryptionProblem(e, dataLocation.toString()));
}

      https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=20120757&defectInstanceId=4609349&mergedDefectId=1436246

            rhn-support-ivassile Ilia Vassilev
            mchoma@redhat.com Martin Choma
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: