Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: Critical
Fix Version/s: 7.1.0.DR17
Affects Version/s: 7.1.0.DR12
Component/s: Security
Labels:
- credential-store
- static_analysis

Target Release:

7.1.0.GA
Git Pull Request:
https://github.com/wildfly-security/wildfly-elytron/pull/751

SFDC Cases Counter:
SFDC Cases Links:

Description

Coverity static-analysis scan found possible call on null object in KeyStoreCredentialStore class:
https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=9564274&defectInstanceId=2359189&mergedDefectId=1402109

In if branch where flow will get only if location is null, location is dereferenced:

KeyStoreCredentialStore.java

if (location != null && Files.exists(location))
            try (InputStream fileStream = Files.newInputStream(location)) {
                keyStore.load(fileStream, getStorePassword(protectionParameter));
                enumeration = keyStore.aliases();
            } catch (GeneralSecurityException | IOException e) {
                throw log.cannotInitializeCredentialStore(e);
        } else if (create) {
            try {
                keyStore.load(null, null);
                enumeration = Collections.emptyEnumeration();
            } catch (CertificateException | IOException | NoSuchAlgorithmException e) {
                throw log.cannotInitializeCredentialStore(e);
            }
        } else {
            throw log.automaticStorageCreationDisabled(location.toString());
        }

Attachments

Issue Links

is cloned by

ELY-1060 Coverity static analysis, dereference after null check, KeyStoreCredentialStore (Elytron)

Resolved

Activity

People

Assignee:: Ilia Vassilev

Reporter:: Martin Choma

Tester:: Martin Choma

QA Contact:: Martin Choma

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2017/02/13 6:06 AM

Updated:: 2017/05/12 6:57 AM

Resolved:: 2017/05/08 10:08 AM