[ https://issues.apache.org/jira/browse/AXIS2-5863?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Petr Dvorak closed AXIS2-5863. ------------------------------ Confirming fix in 1.7.6. > Possible null dereference in ServiceStub class > ---------------------------------------------- > > Key: AXIS2-5863 > URL: https://issues.apache.org/jira/browse/AXIS2-5863 > Project: Axis2 > Issue Type: Bug > Components: codegen > Affects Versions: 1.7.5 > Reporter: Petr Dvorak > Priority: Minor > Labels: security > Fix For: 1.7.6 > > Attachments: diff.patch > > > We use Coverity Scan tool to audit our open-source code against security > vulnerabilities. Possible NullPointerException was detected in Axis2 > generated ServiceStub class code. The issue occurs in following generated > code: > {code:java} > } finally { > if (_messageContext.getTransportOut() != null) { > _messageContext.getTransportOut().getSender() > .cleanup(_messageContext); > } > } > {code} > In case "_messageContext" is set to null, the if condition throws NPE. Also, > we can see the path on how this variable value actually may become null, so > we believe the issue is valid and null check should be present... > Here are possible implications of the issue from the security perspective: > http://cwe.mitre.org/data/definitions/476.html -- This message was sent by Atlassian JIRA (v6.4.14#64029) --------------------------------------------------------------------- To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org For additional commands, e-mail: java-dev-h...@axis.apache.org