Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-8104

Coverity static analysis, Dereference after null check, KeyStoreService (elytron-subsystem)

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Critical Critical
    • 11.0.0.Alpha1
    • None
    • Security
    • None

      Coverity found 2 possible occurences of dereferencing null.

      https://scan7.coverity.com/reports.htm#v23632/p12663/fileInstanceId=9564434&defectInstanceId=2359321&mergedDefectId=1395588
      https://scan7.coverity.com/reports.htm#v23632/p12663/fileInstanceId=9564434&defectInstanceId=2359320&mergedDefectId=1396462

          private char[] resolvePassword() throws Exception {
              ExceptionSupplier<CredentialSource, Exception> sourceSupplier = credentialSourceSupplier.getValue();
              CredentialSource cs = sourceSupplier != null ? sourceSupplier.get() : null;
              if (cs != null) {
                  return cs.getCredential(PasswordCredential.class).getPassword(ClearPassword.class).getPassword();
              } else {
                  throw ROOT_LOGGER.keyStorePasswordCannotBeResolved(resolvedPath.getPath());
              }
          }
      

      Both getCredential(Class<C> credentialType) and getPassword(Class<P> type) have in javadoc mentioned return value can be null.

      Also in org.wildfly.security.auth.realm.ldap.SimpleDirContextFactoryBuilder.SimpleDirContextFactory.obtainDirContext(org.wildfly.security.auth.realm.ldap.DirContextFactory.ReferralMode) returned value are explicitely checked on null value.

      Add null check also in resolvePassword() method

              rhn-support-ivassile Ilia Vassilev
              mchoma@redhat.com Martin Choma
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: