[jira] [Resolved] (AXIS2-5863) Possible null dereference in ServiceStub class
[
https://issues.apache.org/jira/browse/AXIS2-5863?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Petr Dvorak resolved AXIS2-5863.
Resolution: Fixed
> Possible null dereference in ServiceStub class
> --
>
> Key: AXIS2-5863
> URL: https://issues.apache.org/jira/browse/AXIS2-5863
> Project: Axis2
> Issue Type: Bug
> Components: codegen
>Affects Versions: 1.7.5
>Reporter: Petr Dvorak
>Priority: Minor
> Labels: security
> Fix For: 1.7.6
>
> Attachments: diff.patch
>
>
> We use Coverity Scan tool to audit our open-source code against security
> vulnerabilities. Possible NullPointerException was detected in Axis2
> generated ServiceStub class code. The issue occurs in following generated
> code:
> {code:java}
> } finally {
> if (_messageContext.getTransportOut() != null) {
> _messageContext.getTransportOut().getSender()
> .cleanup(_messageContext);
> }
> }
> {code}
> In case "_messageContext" is set to null, the if condition throws NPE. Also,
> we can see the path on how this variable value actually may become null, so
> we believe the issue is valid and null check should be present...
> Here are possible implications of the issue from the security perspective:
> http://cwe.mitre.org/data/definitions/476.html
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
-
To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org
For additional commands, e-mail: java-dev-h...@axis.apache.org
[jira] [Resolved] (AXIS2-5863) Possible null dereference in ServiceStub class
[
https://issues.apache.org/jira/browse/AXIS2-5863?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andreas Veithen resolved AXIS2-5863.
Resolution: Fixed
Fix Version/s: 1.7.6
> Possible null dereference in ServiceStub class
> --
>
> Key: AXIS2-5863
> URL: https://issues.apache.org/jira/browse/AXIS2-5863
> Project: Axis2
> Issue Type: Bug
> Components: codegen
>Affects Versions: 1.7.5
>Reporter: Petr Dvorak
>Priority: Minor
> Labels: security
> Fix For: 1.7.6
>
> Attachments: diff.patch
>
>
> We use Coverity Scan tool to audit our open-source code against security
> vulnerabilities. Possible NullPointerException was detected in Axis2
> generated ServiceStub class code. The issue occurs in following generated
> code:
> {code:java}
> } finally {
> if (_messageContext.getTransportOut() != null) {
> _messageContext.getTransportOut().getSender()
> .cleanup(_messageContext);
> }
> }
> {code}
> In case "_messageContext" is set to null, the if condition throws NPE. Also,
> we can see the path on how this variable value actually may become null, so
> we believe the issue is valid and null check should be present...
> Here are possible implications of the issue from the security perspective:
> http://cwe.mitre.org/data/definitions/476.html
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
-
To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org
For additional commands, e-mail: java-dev-h...@axis.apache.org
