Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 7.1.0.DR12
Affects Version/s: 7.1.0.DR8
Component/s: Security
Labels:

CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
Target Release:

7.1.0.GA

SFDC Cases Counter:
SFDC Cases Links:

Coverity static-analysis scan found possible use of null object in FileSystemSecurityRealm.parseCredential() method.

https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=5760040&defectInstanceId=1541373&mergedDefectId=1369298&eventId=1541373-14
If the format is not provided as an attribute in the provided XML stream, then the call

  String format = null;
  // ...
  function.parseCredential(algorithm, format, text);

will fail for parsePublicKey method as the function code it contains code calling method of the format parameter (with possible null value).

if (! format.equals("pkcs8")) {
    throw ElytronMessages.log.fileSystemRealmUnsupportedKeyFormat(format, path, streamReader.getLocation().getLineNumber(), name);
}

is cloned by

ELY-748 Coverity static analysis: Explicit null dereferenced in FileSystemSecurityRealm (Elytron)

Resolved

Assignee:: Ilia Vassilev

Reporter:: Josef Cacek (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2016/11/14 6:35 AM

Updated:: 2017/02/28 5:51 AM

Resolved:: 2017/02/17 6:07 AM