Uploaded image for project: 'WildFly Elytron'
  1. WildFly Elytron
  2. ELY-1480

Coverity, Explicit null dereferenced in FileSystemSecurityRealm

    Details

      Description

      There are 2 occurences of call to PasswordFactory.getInstance(algorithm) in FileSystemSecurityRealm where algorithm can be null, because algorithm is optional in wildfly-config.xml

      elytron-1_0_1.xsd
          <xsd:complexType name="credential-type">
              <xsd:simpleContent>
                  <xsd:extension base="xsd:string">
                      <xsd:attribute name="algorithm" type="xsd:string" use="optional"/>
                      <xsd:attribute name="format" type="xsd:string" use="optional"/>
                  </xsd:extension>
              </xsd:simpleContent>
          </xsd:complexType>
      
          <xsd:complexType name="otp-credential-type">
              <xsd:simpleContent>
                  <xsd:extension base="xsd:string">
                      <xsd:attribute name="algorithm" type="xsd:string" use="optional"/>
                      <xsd:attribute name="hash" type="xsd:string" use="optional"/>
                      <xsd:attribute name="seed" type="xsd:string" use="optional"/>
                      <xsd:attribute name="sequence" type="xsd:string" use="optional"/>
                  </xsd:extension>
              </xsd:simpleContent>
          </xsd:complexType>
      

      Algorithm is dereferenced in PasswordFactory.getInstance(algorithm) down in

      java.security.Provider$ServiceKey.java
              private ServiceKey(String type, String algorithm, boolean intern) {
                  this.type = type;
                  this.originalAlgorithm = algorithm;
                  algorithm = algorithm.toUpperCase(ENGLISH);
                  this.algorithm = intern ? algorithm.intern() : algorithm;
              }
      

      [1] https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=44847809&defectInstanceId=9457601&mergedDefectId=1463442
      [2] https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=44847809&defectInstanceId=9457602&mergedDefectId=1463441

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  ivassile Ilia Vassilev
                  Reporter:
                  mchoma Martin Choma
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  3 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: