Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 7.1.0.DR12
Affects Version/s: 7.1.0.DR9
Component/s: Security
Labels:
- credential-store
- static_analysis

CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
Target Release:

7.1.0.GA

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Coverity static-analysis scan found possible method call on null object in {{org.wildfly.security.credential.source.CredentialStoreCredentialSource.getCredential(java.lang.Class, java.lang.String, java.security.spec.AlgorithmParameterSpec)}}

https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=6803729&defectInstanceId=1776827&mergedDefectId=1388281&eventId=1776827-8
The problematic piece of code is:

credential = credentialStore.retrieve(alias, credentialType);
return credential.castAs(credentialType, algorithmName, parameterSpec);

The retrieve() method may return null in some cases as can be seen in KeyStoreCredentialStore class:

//...
final TopEntry topEntry = cache.get(credentialAlias);
if (topEntry == null) {
    return null;
}
//...

is cloned by

ELY-832 Coverity static analysis: Dereference null return value in CredentialStoreCredentialSource (Elytron)

Resolved

Assignee:: Ilia Vassilev

Reporter:: Josef Cacek (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2016/12/14 10:24 AM

Updated:: 2024/09/13 3:53 PM

Resolved:: 2017/02/17 6:23 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates