Uploaded image for project: 'WildFly Elytron'
  1. WildFly Elytron
  2. ELY-1235

Coverity, Dereference null return value, JdbcSecurityRealm (Elytron)

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Critical Critical
    • 1.1.0.CR3
    • None
    • None
    • None

      Coverity found possible dereference of null.

      executePrincipalQuery() can return null and credential.matches() is called without check

      JdbcSecurityRealm.java
           @Override
      156        public <C extends Credential> C getCredential(final Class<C> credentialType, final String algorithmName, final AlgorithmParameterSpec parameterSpec) throws RealmUnavailableException {
      157            Assert.checkNotNullParam("credentialType", credentialType);
      158            for (QueryConfiguration configuration : JdbcSecurityRealm.this.queryConfiguration) {
      159                for (KeyMapper keyMapper : configuration.getColumnMappers(KeyMapper.class)) {
      160                    if (keyMapper.getCredentialAcquireSupport(credentialType, algorithmName, parameterSpec).mayBeSupported()) {
      161                        final Credential credential = executePrincipalQuery(configuration, r -> keyMapper.map(r, providers));
      162                        if (credential.matches(credentialType, algorithmName, parameterSpec)) {
      163                            return credentialType.cast(credential);
      164                        }
      165                    }
      166                }
      167            }
      168
      169            return null;
      170        }
      

      https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=22329013&defectInstanceId=5071812&mergedDefectId=1440468

              rhn-support-ivassile Ilia Vassilev
              mchoma@redhat.com Martin Choma
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: