Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Critical
Fix Version/s: 7.1.0.DR17
Affects Version/s: 7.1.0.DR15
Component/s: Security
Labels:
None

CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
Target Release:

7.1.0.GA
Git Pull Request:
https://github.com/wildfly-security/wildfly-elytron/pull/758

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Coverity found possible division by zero code.

https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=12563831&defectInstanceId=2991543&mergedDefectId=1422738

KeyStoreCredentialStore.java

        private byte[] pkcs7Pad(byte[] buffer, int blockSize) {
            int len = buffer.length;
            int toFill = blockSize - (len % blockSize);
            byte[] padded = Arrays.copyOf(buffer, toFill + len);
            Arrays.fill(padded, len, padded.length, (byte) toFill);
            return padded;
        }

blockSize could be 0 as encrypt.getBlockSize() return 0 if used algorithm is not blocked-based. Although default cyptographic algoritm is block-based DEFAULT_CRYPTOGRAPHIC_ALGORITHM = "AES/CBC/NoPadding" , this is configurable with cryptoAlg option and thus non-block-based algorithm can be configured.

is cloned by

ELY-1049 Coverity, division by zero in KeyStoreCredentialStore (Elytron)

Resolved

is incorporated by

JBEAP-10243 Upgrade WildFly Elytron to 1.1.0.Beta36

Closed

Assignee:: Ilia Vassilev

Reporter:: Martin Choma

Tester:: Martin Choma

QA Contact:: Martin Choma

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2017/04/03 4:09 AM

Updated:: 2024/09/02 4:07 PM

Resolved:: 2017/04/12 5:52 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates