Loading...

XML

Word

Printable

Type: Bug
Resolution: Won't Do
Priority: Minor
Fix Version/s: None
Affects Version/s: 7.1.0.GA
Component/s: Security
Labels:
None

CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
Release Note Text:
This issue only affects Elytron 1.2.0 and the version in EAP 7.1.z is Elytron 1.1.x. The upstream fix is not needed for that version because the classes do not overrider getNegotiatedProperty() method.
Target Release:

7.1.z.GA

SFDC Cases Counter:
SFDC Cases Links:

super.getNegotiatedProperty() is not called in AbstractGssapiMechanism#getNegotiatedProperty, although it is called in similar cases in Gs2SaslServer, DigestSaslServer, AnonymousSaslClient.

AbstractGssapiMechanism.java

    @Override
    public Object getNegotiatedProperty(String propName) {
        assertComplete();

        switch (propName) {
            case Sasl.QOP:
                return selectedQop.getName();
            case Sasl.MAX_BUFFER:
                return Integer.toString(actualMaxReceiveBuffer != 0 ? actualMaxReceiveBuffer : configuredMaxReceiveBuffer);
            case Sasl.RAW_SEND_SIZE:
                return Integer.toString(maxBuffer);
        }

        return null;
    }

This coverity report is not caused by recent change in AbstractGssapiMechanism but rather Gs2SaslServer and DigestSaslServer

[1] https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=44847684&defectInstanceId=9457508&mergedDefectId=1463150

clones

ELY-1479 Coverity, Missing call to superclass in AbstractGssapiMechanism

Resolved

Assignee:: Ilia Vassilev

Reporter:: Ilia Vassilev

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2018/01/25 5:01 PM

Updated:: 2018/06/20 12:32 PM

Resolved:: 2018/06/20 12:32 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates