Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-8103

Coverity static analysis, Dereference after null check, KeyStoreService (elytron-subsystem)

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • 11.0.0.Alpha1
    • None
    • Security
    • None

      Coverity found 2 occurences of possible null dereference.
      https://scan7.coverity.com/reports.htm#v23632/p12663/fileInstanceId=9564434&defectInstanceId=2359322&mergedDefectId=1395584
      https://scan7.coverity.com/reports.htm#v23632/p12663/fileInstanceId=9564434&defectInstanceId=2359323&mergedDefectId=1395585

      Method resolvePassword() is dereferencing resolvedPath field

          private char[] resolvePassword() throws Exception {
              ExceptionSupplier<CredentialSource, Exception> sourceSupplier = credentialSourceSupplier.getValue();
              CredentialSource cs = sourceSupplier != null ? sourceSupplier.get() : null;
              if (cs != null) {
                  return cs.getCredential(PasswordCredential.class).getPassword(ClearPassword.class).getPassword();
              } else {
                  throw ROOT_LOGGER.keyStorePasswordCannotBeResolved(resolvedPath.getPath());
              }
          }
      

      And method resolvePassword() is called 2 times from block, where resolvedPath is checked on null

          try (InputStream is = resolvedPath != null ? new FileInputStream(resolvedPath) : null) {
              AtomicLoadKeyStore.LoadKey loadKey = keyStore.revertibleLoad(is, resolvePassword());
      
          try (InputStream is = resolvedPath != null ? new FileInputStream(resolvedPath) : null) {
              char[] password = resolvePassword();
      

      Add null check into resolvePassword() method.

              rhn-support-ivassile Ilia Vassilev
              mchoma@redhat.com Martin Choma
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: