Uploaded image for project: 'WildFly Elytron'
  1. WildFly Elytron
  2. ELY-1278

Coverity static analysis: Dereference null return value in ServerAuthenticationContext (Elytron)

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Critical
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: 1.1.0.CR3
    • Component/s: None
    • Labels:
      None

      Description

      Coverity found possible NPE occurense, as according to javadoc for SSLSession().getLocalCertificates() may return null [1], but X500.asX509CertificateArray can't consume null parameter and NPE will be thrown in that case.

      ServerAuthenticationContext.java
       
                      } else if (callback instanceof SSLCallback) {
                          SSLCallback sslCallback = (SSLCallback) callback;
      
                          try {
                              peerCerts = X500.asX509CertificateArray(sslCallback.getSslSession().getPeerCertificates());
                          } catch (SSLPeerUnverifiedException e) {
                              log.trace("Peer unverified", e);
                              peerCerts = null;
                          }
                          serverCerts = X500.asX509CertificateArray(sslCallback.getSslSession().getLocalCertificates());
                          handleOne(callbacks, idx + 1);
                      }
      

      https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=26379676&defectInstanceId=5932898&mergedDefectId=1449008

      [1] https://docs.oracle.com/javase/8/docs/api/javax/net/ssl/SSLSession.html#getLocalCertificates--

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  ivassile Ilia Vassilev
                  Reporter:
                  mchoma Martin Choma
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  1 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: