Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Critical
Fix Version/s: 7.1.0.ER1
Affects Version/s: 7.1.0.DR18
Component/s: Security
Labels:
None

CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
Target Release:

7.1.0.GA
Git Pull Request:
https://github.com/wildfly-security/wildfly-elytron/pull/850

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

dataLocation is dereferenced, although it is checked on null before (could be null).

Setting Critical priority as that can cover root cause of real problem with NPE.

KeyStoreCredentialStore.java

try {
    if (dataLocation != null && Files.exists(dataLocation)) {
        char[] password = getStorePassword(protectionParameter);
        try (InputStream fileStream = Files.newInputStream(dataLocation)) {
            if (useExternalStorage) {
                externalStorage.load(fileStream);
            } else {
                keyStore.load(fileStream, password);
            }
        }
        enumeration = keyStore.aliases();
    } else {
        keyStore.load(null, null);
        enumeration = Collections.emptyEnumeration();
    }
} catch (GeneralSecurityException e) {
    throw log.cannotInitializeCredentialStore(
            log.internalEncryptionProblem(e, dataLocation.toString()));
}

https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=20120757&defectInstanceId=4609349&mergedDefectId=1436246

is cloned by

ELY-1195 Coverity, Dereference after null check in KeyStoreCredentialStore (Elytron)

Resolved

is incorporated by

JBEAP-11304 Upgrade WildFly Elytron to 1.1.0.Beta50

Closed

Assignee:: Ilia Vassilev

Reporter:: Martin Choma

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2017/05/24 3:48 AM

Updated:: 2024/09/02 4:11 PM

Resolved:: 2017/06/06 2:59 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates