-
Bug
-
Resolution: Done
-
Major
-
None
-
None
Coverity found 2 occurences of possible null dereference.
https://scan7.coverity.com/reports.htm#v23632/p12663/fileInstanceId=9564434&defectInstanceId=2359322&mergedDefectId=1395584
https://scan7.coverity.com/reports.htm#v23632/p12663/fileInstanceId=9564434&defectInstanceId=2359323&mergedDefectId=1395585
Method resolvePassword() is dereferencing resolvedPath field
private char[] resolvePassword() throws Exception { ExceptionSupplier<CredentialSource, Exception> sourceSupplier = credentialSourceSupplier.getValue(); CredentialSource cs = sourceSupplier != null ? sourceSupplier.get() : null; if (cs != null) { return cs.getCredential(PasswordCredential.class).getPassword(ClearPassword.class).getPassword(); } else { throw ROOT_LOGGER.keyStorePasswordCannotBeResolved(resolvedPath.getPath()); } }
And method resolvePassword() is called 2 times from block, where resolvedPath is checked on null
try (InputStream is = resolvedPath != null ? new FileInputStream(resolvedPath) : null) { AtomicLoadKeyStore.LoadKey loadKey = keyStore.revertibleLoad(is, resolvePassword()); try (InputStream is = resolvedPath != null ? new FileInputStream(resolvedPath) : null) { char[] password = resolvePassword();
Add null check into resolvePassword() method.
- is cloned by
-
WFLY-8103 Coverity static analysis, Dereference after null check, KeyStoreService (elytron-subsystem)
- Closed
- is incorporated by
-
JBEAP-8838 Upgrade to Elytron Subsystem 1.0.0.Beta8
- Closed