-
Bug
-
Resolution: Done
-
Major
-
None
-
None
Coverity static-analysis scan found 3 possible calls on null objects in AbstractDigestMechanism class:
https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=5760450&defectInstanceId=1541368&mergedDefectId=1369283
Method wrapConfidentialityProtectedMessage
cipheredPart = wrapCipher.update(toCipher); // ... cipheredPart may be null byte[] result = new byte[cipheredPart.length + 6];
https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=5760450&defectInstanceId=1541380&mergedDefectId=1369285
Method createCipher
// the getTransformationSpec may be null - look at DefaultTransformationMapper
ciph = Cipher.getInstance(trans.getTransformationSpec(SaslMechanismInformation.Names.DIGEST_MD5, cipher).getTransformation());
https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=5760450&defectInstanceId=1541367&mergedDefectId=1369297
Method unwrapConfidentialityProtectedMessage
clearText = unwrapCipher.update(message, offset, len - 6); // the clearText may be null in clearText.length System.arraycopy(clearText, clearText.length - 10, hmac, 0, 10);
Suggested improvement
Add null checks.
- clones
-
JBEAP-7071 Coverity static analysis: Dereference null return value in AbstractDigestMechanism (Elytron)
- Closed