Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-8813

Coverity static analysis, Dereference after null check, KeyStoreService (elytron-subsystem)

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Verified (View Workflow)
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: 7.1.0.DR12
    • Component/s: Security
    • Labels:
      None

      Description

      Coverity found 2 occurences of possible null dereference.
      https://scan7.coverity.com/reports.htm#v23632/p12663/fileInstanceId=9564434&defectInstanceId=2359322&mergedDefectId=1395584
      https://scan7.coverity.com/reports.htm#v23632/p12663/fileInstanceId=9564434&defectInstanceId=2359323&mergedDefectId=1395585

      Method resolvePassword() is dereferencing resolvedPath field

          private char[] resolvePassword() throws Exception {
              ExceptionSupplier<CredentialSource, Exception> sourceSupplier = credentialSourceSupplier.getValue();
              CredentialSource cs = sourceSupplier != null ? sourceSupplier.get() : null;
              if (cs != null) {
                  return cs.getCredential(PasswordCredential.class).getPassword(ClearPassword.class).getPassword();
              } else {
                  throw ROOT_LOGGER.keyStorePasswordCannotBeResolved(resolvedPath.getPath());
              }
          }
      

      And method resolvePassword() is called 2 times from block, where resolvedPath is checked on null

          try (InputStream is = resolvedPath != null ? new FileInputStream(resolvedPath) : null) {
              AtomicLoadKeyStore.LoadKey loadKey = keyStore.revertibleLoad(is, resolvePassword());
      
          try (InputStream is = resolvedPath != null ? new FileInputStream(resolvedPath) : null) {
              char[] password = resolvePassword();
      

      Add null check into resolvePassword() method.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              rhn-support-ivassile Ilia Vassilev
              Reporter:
              mchoma@redhat.com Martin Choma
              Tester:
              Martin Choma Martin Choma
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: