Date: Thu, 27 Jul 2017 21:22:00 +0000 (UTC)
From: "Petr Dvorak (JIRA)"
To: java-dev@axis.apache.org
Subject: [jira] [Updated] (AXIS2-5863) Possible null dereference in ServiceStub class

     [ https://issues.apache.org/jira/browse/AXIS2-5863?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Petr Dvorak updated AXIS2-5863:
-------------------------------
    Attachment: diff.patch

I'm attaching a patch file. The change seems very non-intrusive to me, I would love it if we could see it in 1.7.6! :-)

> Possible null dereference in ServiceStub class
> ----------------------------------------------
>
>                 Key: AXIS2-5863
>                 URL: https://issues.apache.org/jira/browse/AXIS2-5863
>             Project: Axis2
>          Issue Type: Bug
>          Components: codegen
>    Affects Versions: 1.7.5
>            Reporter: Petr Dvorak
>              Labels: security
>         Attachments: diff.patch
>
>
> We use the Coverity Scan tool to audit our open-source code against security vulnerabilities. A possible NullPointerException was detected in the Axis2-generated ServiceStub class code. The issue occurs in the following generated code:
> {code:java}
>         } finally {
>             if (_messageContext.getTransportOut() != null) {
>                 _messageContext.getTransportOut().getSender()
>                         .cleanup(_messageContext);
>             }
>         }
> {code}
> In case "_messageContext" is set to null, the if condition throws an NPE. Also, we can see the path on how this variable value actually may become null, so we believe the issue is valid and a null check should be present...
> Here are possible implications of the issue from the security perspective:
> http://cwe.mitre.org/data/definitions/476.html



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
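
The finally block from the report next to a null-guarded variant, as an added example that is not code from Axis2 or from the attached diff.patch. The stand-in types (`Sender`, `TransportOut`, `MessageContext`), the `createContext` helper and the failure path that leaves `_messageContext` null are assumptions made for illustration; the point shown is that an NPE thrown inside `finally` replaces the exception that was already propagating.

```java
// Added example: stand-in types, not Axis2's real classes or its generated stub.
public class FinallyNullCheckDemo {
    interface Sender { void cleanup(MessageContext ctx); }
    static class TransportOut {
        Sender getSender() { return ctx -> System.out.println("transport cleaned up"); }
    }
    static class MessageContext {
        TransportOut getTransportOut() { return new TransportOut(); }
    }
    // Assumed failure path: setup fails, so the context is never created.
    static MessageContext createContext(boolean fail) {
        if (fail) throw new IllegalStateException("setup failed before context was created");
        return new MessageContext();
    }

    // Same shape as the reported finally block: the context is dereferenced unconditionally.
    static void unguarded(boolean fail) {
        MessageContext _messageContext = null;
        try {
            _messageContext = createContext(fail);
        } finally {
            if (_messageContext.getTransportOut() != null) {
                _messageContext.getTransportOut().getSender().cleanup(_messageContext);
            }
        }
    }

    // Guarded variant: the context itself is checked before any call on it.
    static void guarded(boolean fail) {
        MessageContext _messageContext = null;
        try {
            _messageContext = createContext(fail);
        } finally {
            if (_messageContext != null && _messageContext.getTransportOut() != null) {
                _messageContext.getTransportOut().getSender().cleanup(_messageContext);
            }
        }
    }

    // Returns the simple class name of whatever the call throws, or "none".
    static String thrownBy(Runnable call) {
        try { call.run(); return "none"; }
        catch (RuntimeException e) { return e.getClass().getSimpleName(); }
    }
    public static void main(String[] args) {
        System.out.println("unguarded: " + thrownBy(() -> unguarded(true)));
        System.out.println("guarded:   " + thrownBy(() -> guarded(true)));
    }
}
```

With the unguarded block the caller sees only the NullPointerException; with the guard, the original IllegalStateException reaches the caller and can be handled or logged as the real cause.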