-
Bug
-
Resolution: Done
-
Critical
-
None
-
None
Coverity found 2 possible occurences of dereferencing null.
https://scan7.coverity.com/reports.htm#v23632/p12663/fileInstanceId=9564434&defectInstanceId=2359321&mergedDefectId=1395588
https://scan7.coverity.com/reports.htm#v23632/p12663/fileInstanceId=9564434&defectInstanceId=2359320&mergedDefectId=1396462
private char[] resolvePassword() throws Exception { ExceptionSupplier<CredentialSource, Exception> sourceSupplier = credentialSourceSupplier.getValue(); CredentialSource cs = sourceSupplier != null ? sourceSupplier.get() : null; if (cs != null) { return cs.getCredential(PasswordCredential.class).getPassword(ClearPassword.class).getPassword(); } else { throw ROOT_LOGGER.keyStorePasswordCannotBeResolved(resolvedPath.getPath()); } }
Both getCredential(Class<C> credentialType) and getPassword(Class<P> type) have in javadoc mentioned return value can be null.
Also in org.wildfly.security.auth.realm.ldap.SimpleDirContextFactoryBuilder.SimpleDirContextFactory.obtainDirContext(org.wildfly.security.auth.realm.ldap.DirContextFactory.ReferralMode) returned value are explicitely checked on null value.
Add null check also in resolvePassword() method
- clones
-
JBEAP-8814 Coverity static analysis, Dereference after null check, KeyStoreService (elytron-subsystem)
- Closed