Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 7.1.0.DR12
Affects Version/s: 7.1.0.DR8
Component/s: Security
Labels:
- authentication
- digest
- http
- sasl
- static_analysis

CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
Target Release:

7.1.0.GA

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Coverity static-analysis scan found 3 possible calls on null objects in AbstractDigestMechanism class:

https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=5760450&defectInstanceId=1541368&mergedDefectId=1369283
Method wrapConfidentialityProtectedMessage

cipheredPart = wrapCipher.update(toCipher);
// ... cipheredPart may be null
byte[] result = new byte[cipheredPart.length + 6];

https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=5760450&defectInstanceId=1541380&mergedDefectId=1369285
Method createCipher

// the getTransformationSpec may be null - look at DefaultTransformationMapper
ciph = Cipher.getInstance(trans.getTransformationSpec(SaslMechanismInformation.Names.DIGEST_MD5, cipher).getTransformation());

https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=5760450&defectInstanceId=1541367&mergedDefectId=1369297
Method unwrapConfidentialityProtectedMessage

clearText = unwrapCipher.update(message, offset, len - 6);
// the clearText may be null in clearText.length
System.arraycopy(clearText, clearText.length - 10, hmac, 0, 10);

Suggested improvement
Add null checks.

is cloned by

ELY-739 Coverity static analysis: Dereference null return value in AbstractDigestMechanism (Elytron)

Resolved

Assignee:: Ilia Vassilev

Reporter:: Josef Cacek (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2016/11/11 7:41 AM

Updated:: 2024/09/13 3:56 PM

Resolved:: 2017/02/17 6:11 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates