WildFly Elytron / ELY-741

Coverity static analysis: Dereference null return value in SSLConfiguratorImpl (Elytron)


    • Bug
    • Resolution: Done
    • Major
    • 1.1.0.Beta16
    • None
    • None

      A Coverity static-analysis scan found 2 possible calls on null objects in the SSLConfiguratorImpl.getDefaultSSLParameters() method.
      Both calls are related to the following line:

      configure(original, supportedSSLParameters.getProtocols(), supportedSSLParameters.getCipherSuites());
      

      https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=5759887&defectInstanceId=1541383&mergedDefectId=1375370
      The getCipherSuites() call can return null (javax.net.ssl.SSLParameters.getCipherSuites), which can propagate to the CipherSuiteSelector.evaluate() call, where supportedMechanisms.length is used without a null check.

      https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=5759887&defectInstanceId=1541384&mergedDefectId=1375371
      The getProtocols() call can return null (javax.net.ssl.SSLParameters.getProtocols), which can propagate to the ProtocolSelector.evaluate() call, where supportedProtocols is used in a for loop without a null check.

      Suggested improvement
      Add null checks.

            rhn-support-ivassile Ilia Vassilev
            josef.cacek@gmail.com Josef Cacek (Inactive)
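
The null-return pattern described in this report, as an added Java example (not code from Elytron or from the issue). `orEmpty` and `evaluate` are hypothetical stand-ins, and mapping null to "nothing supported" is an assumed fail-closed policy.

```java
import javax.net.ssl.SSLParameters;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

// Added illustration, not Elytron code. Class and method names are hypothetical.
public class NullSafeSslParametersDemo {
    private static final String[] NONE = new String[0];

    // SSLParameters getters return null when the value was never set;
    // normalise that to an empty array so callers can use .length and for-each.
    static String[] orEmpty(String[] values) {
        return values == null ? NONE : values;
    }

    // Stand-in for a selector's evaluate(): keeps the preferred names that
    // are also supported, in preference order. Assumes non-null arguments.
    static List<String> evaluate(String[] preferred, String[] supported) {
        List<String> supportedList = Arrays.asList(supported);
        List<String> enabled = new ArrayList<>(supported.length);
        for (String name : preferred) {
            if (supportedList.contains(name)) {
                enabled.add(name);
            }
        }
        return enabled;
    }

    public static void main(String[] args) {
        // Constructed input: the no-arg constructor leaves both arrays unset.
        SSLParameters unset = new SSLParameters();
        System.out.println("protocols unset:     " + (unset.getProtocols() == null));
        System.out.println("cipherSuites unset:  " + (unset.getCipherSuites() == null));

        String[] preferred = {"TLSv1.3", "TLSv1.2"};
        try {
            evaluate(preferred, unset.getProtocols()); // unguarded: the reported pattern
        } catch (NullPointerException e) {
            System.out.println("unguarded call:      NullPointerException");
        }

        // Guarded: null becomes "nothing supported", so nothing is enabled.
        System.out.println("guarded, unset:      " + evaluate(preferred, orEmpty(unset.getProtocols())));

        // Constructed input: cipher suites left null, protocols set explicitly.
        SSLParameters set = new SSLParameters(null, new String[] {"TLSv1.2", "TLSv1.1"});
        System.out.println("guarded, configured: " + evaluate(preferred, orEmpty(set.getProtocols())));
    }
}
```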