WildFly Elytron / ELY-1480

Coverity, Explicit null dereferenced in FileSystemSecurityRealm

Details

    • Bug
    • Resolution: Done
    • Major
    • 1.3.1.Final, 1.4.0.Final
    • 1.2.0.Beta11
    • Realms
    • None

    Description

      There are 2 occurrences of a call to PasswordFactory.getInstance(algorithm) in FileSystemSecurityRealm where algorithm can be null, because the algorithm attribute is optional in wildfly-config.xml.

      elytron-1_0_1.xsd
          <xsd:complexType name="credential-type">
              <xsd:simpleContent>
                  <xsd:extension base="xsd:string">
                      <xsd:attribute name="algorithm" type="xsd:string" use="optional"/>
                      <xsd:attribute name="format" type="xsd:string" use="optional"/>
                  </xsd:extension>
              </xsd:simpleContent>
          </xsd:complexType>
      
          <xsd:complexType name="otp-credential-type">
              <xsd:simpleContent>
                  <xsd:extension base="xsd:string">
                      <xsd:attribute name="algorithm" type="xsd:string" use="optional"/>
                      <xsd:attribute name="hash" type="xsd:string" use="optional"/>
                      <xsd:attribute name="seed" type="xsd:string" use="optional"/>
                      <xsd:attribute name="sequence" type="xsd:string" use="optional"/>
                  </xsd:extension>
              </xsd:simpleContent>
          </xsd:complexType>
      

      Algorithm is dereferenced in PasswordFactory.getInstance(algorithm) down in

      java.security.Provider$ServiceKey.java
              private ServiceKey(String type, String algorithm, boolean intern) {
                  this.type = type;
                  this.originalAlgorithm = algorithm;
                  algorithm = algorithm.toUpperCase(ENGLISH);
                  this.algorithm = intern ? algorithm.intern() : algorithm;
              }
      

      [1] https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=44847809&defectInstanceId=9457601&mergedDefectId=1463442
      [2] https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=44847809&defectInstanceId=9457602&mergedDefectId=1463441
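
One way to guard the optional attribute before it reaches a getInstance lookup, as an added example that is not Elytron's code or the fix applied for this issue. The class name, the requireAlgorithm helper and the sample XML are constructed for illustration, and MessageDigest stands in for PasswordFactory so the example runs on a plain JDK.

```java
import java.io.StringReader;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;

public class OptionalAlgorithmGuard {

    // Constructed sample: the second element omits the optional "algorithm"
    // attribute, which the credential-type schema above permits.
    static final String SAMPLE =
          "<credentials>"
        + "<credential algorithm=\"SHA-256\">c2VjcmV0</credential>"
        + "<credential>c2VjcmV0</credential>"
        + "</credentials>";

    // Hypothetical helper: turn a missing attribute into a located
    // configuration error instead of letting null reach the provider lookup.
    static String requireAlgorithm(XMLStreamReader r) throws XMLStreamException {
        // getAttributeValue returns null when the attribute is absent.
        String algorithm = r.getAttributeValue(null, "algorithm");
        if (algorithm == null || algorithm.isEmpty()) {
            throw new XMLStreamException(
                "Missing attribute \"algorithm\" on <" + r.getLocalName() + ">",
                r.getLocation());
        }
        return algorithm;
    }

    public static void main(String[] args) throws Exception {
        XMLStreamReader r = XMLInputFactory.newFactory()
            .createXMLStreamReader(new StringReader(SAMPLE));
        while (r.hasNext()) {
            if (r.next() == XMLStreamConstants.START_ELEMENT
                    && "credential".equals(r.getLocalName())) {
                try {
                    String algorithm = requireAlgorithm(r);
                    // Stand-in for PasswordFactory.getInstance(algorithm).
                    MessageDigest md = MessageDigest.getInstance(algorithm);
                    System.out.println("ok: " + md.getAlgorithm());
                } catch (XMLStreamException | NoSuchAlgorithmException e) {
                    System.out.println("rejected: " + e.getMessage());
                }
            }
        }
    }
}
```

The first element resolves normally; the second is rejected with a message that carries the parser's row and column, so the operator sees which credential entry is incomplete rather than a NullPointerException from inside the provider lookup.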

            People

              rhn-support-ivassile Ilia Vassilev
              mchoma@redhat.com Martin Choma