axis-java-dev mailing list archives

From "Petr Dvorak (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (AXIS2-5863) Possible null dereference in ServiceStub class
Date Thu, 27 Jul 2017 21:22:00 GMT

     [ https://issues.apache.org/jira/browse/AXIS2-5863?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Petr Dvorak updated AXIS2-5863:
-------------------------------
    Attachment: diff.patch

I'm attaching a patch file. The change seems very non-intrusive to me; I would love it if we
could see it in 1.7.6! :-)

> Possible null dereference in ServiceStub class
> ----------------------------------------------
>
>                 Key: AXIS2-5863
>                 URL: https://issues.apache.org/jira/browse/AXIS2-5863
>             Project: Axis2
>          Issue Type: Bug
>          Components: codegen
>    Affects Versions: 1.7.5
>            Reporter: Petr Dvorak
>              Labels: security
>         Attachments: diff.patch
>
>
> We use the Coverity Scan tool to audit our open-source code against security vulnerabilities.
> A possible NullPointerException was detected in Axis2 generated ServiceStub class code. The
> issue occurs in the following generated code:
> {code:java}
> } finally {
>     if (_messageContext.getTransportOut() != null) {
>         _messageContext.getTransportOut().getSender()
>         .cleanup(_messageContext);
>     }
> }
> {code}
> In case "_messageContext" is set to null, the if condition throws NPE. Also, we can see
> the path on how this variable value actually may become null, so we believe the issue is valid
> and a null check should be present...
> Here are possible implications of the issue from the security perspective:
> http://cwe.mitre.org/data/definitions/476.html



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
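
Added example, not part of the original message or the attached diff.patch: a self-contained Java sketch of the finally block described in the issue, showing that when the context is still null the NullPointerException thrown in finally replaces the original failure, while a null check on the context lets the original exception reach the caller. Assumptions: MessageContext, TransportOut, Sender and createContext are simplified stand-ins rather than Axis2's classes, and the guarded form is an assumed fix, not the contents of the attached patch.

```java
// Stand-in types for this added example; not Axis2's real classes.
public class FinallyNullCheckDemo {
    interface Sender { void cleanup(MessageContext ctx); }
    static class TransportOut { Sender getSender() { return ctx -> { }; } }
    static class MessageContext { TransportOut getTransportOut() { return new TransportOut(); } }

    // Hypothetical setup step that fails before a context is assigned.
    static MessageContext createContext() throws java.io.IOException {
        throw new java.io.IOException("setup failed");
    }

    // Same shape as the generated finally block quoted in the issue.
    static void unguarded() throws Exception {
        MessageContext _messageContext = null;
        try {
            _messageContext = createContext();
        } finally {
            if (_messageContext.getTransportOut() != null) {
                _messageContext.getTransportOut().getSender().cleanup(_messageContext);
            }
        }
    }

    // Assumed fix: check the context itself before dereferencing it.
    static void guarded() throws Exception {
        MessageContext _messageContext = null;
        try {
            _messageContext = createContext();
        } finally {
            if (_messageContext != null && _messageContext.getTransportOut() != null) {
                _messageContext.getTransportOut().getSender().cleanup(_messageContext);
            }
        }
    }

    // Returns the simple name of the exception type the caller actually sees.
    static String surfaced(boolean useGuard) {
        try {
            if (useGuard) guarded(); else unguarded();
            return "none";
        } catch (Exception e) {
            return e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) {
        System.out.println("unguarded: " + surfaced(false));
        System.out.println("guarded:   " + surfaced(true));
    }
}
```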
