[
https://issues.apache.org/jira/browse/AXIS2-5863?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Petr Dvorak reopened AXIS2-5863:
--------------------------------
Universe is broken: The diff patch was not correctly applied. I can still see
the old code in 'trunk' and the issue is still present in 1.7.6.
> Possible null dereference in ServiceStub class
> ----------------------------------------------
>
> Key: AXIS2-5863
> URL: https://issues.apache.org/jira/browse/AXIS2-5863
> Project: Axis2
> Issue Type: Bug
> Components: codegen
> Affects Versions: 1.7.5
> Reporter: Petr Dvorak
> Priority: Minor
> Labels: security
> Fix For: 1.7.6
>
> Attachments: diff.patch
>
>
> We use Coverity Scan tool to audit our open-source code against security
> vulnerabilities. Possible NullPointerException was detected in Axis2
> generated ServiceStub class code. The issue occurs in following generated
> code:
> {code:java}
> } finally {
> if (_messageContext.getTransportOut() != null) {
> _messageContext.getTransportOut().getSender()
> .cleanup(_messageContext);
> }
> }
> {code}
> In case "_messageContext" is set to null, the if condition throws NPE. Also,
> we can see the path on how this variable value actually may become null, so
> we believe the issue is valid and null check should be present...
> Here are possible implications of the issue from the security perspective:
> http://cwe.mitre.org/data/definitions/476.html
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
