[AXIS2-5863] Possible null dereference in ServiceStub class - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 1.7.5
Fix Version/s: 1.7.6
Component/s: codegen
Labels:
- security

Description

We use Coverity Scan tool to audit our open-source code against security vulnerabilities. Possible NullPointerException was detected in Axis2 generated ServiceStub class code. The issue occurs in following generated code:

} finally {
    if (_messageContext.getTransportOut() != null) {
        _messageContext.getTransportOut().getSender()
        .cleanup(_messageContext);
    }
}

In case "_messageContext" is set to null, the if condition throws NPE. Also, we can see the path on how this variable value actually may become null, so we believe the issue is valid and null check should be present...

Here are possible implications of the issue from the security perspective:

http://cwe.mitre.org/data/definitions/476.html

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

diff.patch
27/Jul/17 21:20
2 kB
Petr Dvorak

Activity

People

Assignee:: Unassigned

Reporter:: Petr Dvorak

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 27/Jul/17 19:23

Updated:: 08/Aug/17 20:21

Resolved:: 08/Aug/17 20:21