Uploaded image for project: 'WildFly Elytron'
  1. WildFly Elytron
  2. ELY-1480

Coverity, Explicit null dereferenced in FileSystemSecurityRealm

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • 1.3.1.Final, 1.4.0.Final
    • 1.2.0.Beta11
    • Realms
    • None

      There are 2 occurences of call to PasswordFactory.getInstance(algorithm) in FileSystemSecurityRealm where algorithm can be null, because algorithm is optional in wildfly-config.xml

      elytron-1_0_1.xsd
          <xsd:complexType name="credential-type">
              <xsd:simpleContent>
                  <xsd:extension base="xsd:string">
                      <xsd:attribute name="algorithm" type="xsd:string" use="optional"/>
                      <xsd:attribute name="format" type="xsd:string" use="optional"/>
                  </xsd:extension>
              </xsd:simpleContent>
          </xsd:complexType>
      
          <xsd:complexType name="otp-credential-type">
              <xsd:simpleContent>
                  <xsd:extension base="xsd:string">
                      <xsd:attribute name="algorithm" type="xsd:string" use="optional"/>
                      <xsd:attribute name="hash" type="xsd:string" use="optional"/>
                      <xsd:attribute name="seed" type="xsd:string" use="optional"/>
                      <xsd:attribute name="sequence" type="xsd:string" use="optional"/>
                  </xsd:extension>
              </xsd:simpleContent>
          </xsd:complexType>
      

      Algorithm is dereferenced in PasswordFactory.getInstance(algorithm) down in

      java.security.Provider$ServiceKey.java
              private ServiceKey(String type, String algorithm, boolean intern) {
                  this.type = type;
                  this.originalAlgorithm = algorithm;
                  algorithm = algorithm.toUpperCase(ENGLISH);
                  this.algorithm = intern ? algorithm.intern() : algorithm;
              }
      

      [1] https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=44847809&defectInstanceId=9457601&mergedDefectId=1463442
      [2] https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=44847809&defectInstanceId=9457602&mergedDefectId=1463441

              rhn-support-ivassile Ilia Vassilev
              mchoma@redhat.com Martin Choma
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: