Details
-
Bug
-
Resolution: Done
-
Major
-
7.1.0.DR8
Description
Coverity static-analysis scan found 3 possible calls on null objects in ServerAuthenticationContext class.
In {{ServerAuthenticationContext.AuthorizedState.isSamePrincipal(Principal)}} - Return value of function which returns null is dereferenced without checking.
2039 boolean isSamePrincipal(final Principal principal) { // 1. returned_null: getName returns null (checked 9 out of 11 times). (The virtual call resolves to org.wildfly.security.auth.server.PrincipalDecoder.<clinit>/<gen>org.wildfly.security.auth.server.PrincipalDecoder_instance_2.getName.) [show details] // 2. var_assigned: Assigning: name = null return value from getName. 2040 String name = authorizedIdentity.getSecurityDomain().getPrincipalDecoder().getName(principal); // CID 1369286 (#1 of 1): Dereference null return value (NULL_RETURNS)3. dereference: Dereferencing a pointer that might be null name when calling isSameName. [show details] 2041 return isSameName(name); 2042 }
https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=5760324&defectInstanceId=1541377&mergedDefectId=1369289
In {{ServerAuthenticationContext.NameAssignedState.isSamePrincipal(Principal)}} - the same as the previous one.
https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=5760324&defectInstanceId=1541378&mergedDefectId=1369304
In {{ServerAuthenticationContext.ANONYMOUS.handleOne(Callback[], int)}}
790 final PasswordCallback passwordCallback = (PasswordCallback) callback; 791 // 8. returned_null: getCredentialAcquireSupport returns null (checked 0 out of 1 times). [show details] // CID 1369304 (#1 of 1): Dereference null return value (NULL_RETURNS)9. null_method_call: Calling a method on null object getCredentialAcquireSupport(org.wildfly.security.credential.PasswordCredential.class). 792 if (getCredentialAcquireSupport(PasswordCredential.class).mayBeSupported()) {
Suggested improvement
Add null checks.
Attachments
Issue Links
- is cloned by
-
-
- Resolved
-
