[
https://issues.apache.org/jira/browse/AXIS2-5863?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16106454#comment-16106454
]
Hudson commented on AXIS2-5863:
-------------------------------
FAILURE: Integrated in Jenkins build axis2-1.7 #124 (See
[https://builds.apache.org/job/axis2-1.7/124/])
AXIS2-5863: Merge r1803414 to the 1.7 branch. (veithen: rev 1803415)
* (edit) axis2
* (edit)
axis2/modules/codegen/src/org/apache/axis2/wsdl/template/java/InterfaceImplementationTemplate.xsl
> Possible null dereference in ServiceStub class
> ----------------------------------------------
>
> Key: AXIS2-5863
> URL: https://issues.apache.org/jira/browse/AXIS2-5863
> Project: Axis2
> Issue Type: Bug
> Components: codegen
> Affects Versions: 1.7.5
> Reporter: Petr Dvorak
> Priority: Minor
> Labels: security
> Attachments: diff.patch
>
>
> We use Coverity Scan tool to audit our open-source code against security
> vulnerabilities. Possible NullPointerException was detected in Axis2
> generated ServiceStub class code. The issue occurs in following generated
> code:
> {code:java}
> } finally {
> if (_messageContext.getTransportOut() != null) {
> _messageContext.getTransportOut().getSender()
> .cleanup(_messageContext);
> }
> }
> {code}
> In case "_messageContext" is set to null, the if condition throws NPE. Also,
> we can see the path on how this variable value actually may become null, so
> we believe the issue is valid and null check should be present...
> Here are possible implications of the issue from the security perspective:
> http://cwe.mitre.org/data/definitions/476.html
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
