Uploaded image for project: 'Axis2'
  1. Axis2
  2. AXIS2-5863

Possible null dereference in ServiceStub class

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 1.7.5
    • Fix Version/s: 1.7.6
    • Component/s: codegen
    • Labels:

      Description

      We use Coverity Scan tool to audit our open-source code against security vulnerabilities. Possible NullPointerException was detected in Axis2 generated ServiceStub class code. The issue occurs in following generated code:

      } finally {
          if (_messageContext.getTransportOut() != null) {
              _messageContext.getTransportOut().getSender()
              .cleanup(_messageContext);
          }
      }
      

      In case "_messageContext" is set to null, the if condition throws NPE. Also, we can see the path on how this variable value actually may become null, so we believe the issue is valid and null check should be present...

      Here are possible implications of the issue from the security perspective:

      http://cwe.mitre.org/data/definitions/476.html

        Attachments

        1. diff.patch
          2 kB
          Petr Dvorak

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              joshis Petr Dvorak
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: