You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by "Kevin Minder (JIRA)" <ji...@apache.org> on 2015/09/30 22:51:04 UTC
[jira] [Resolved] (KNOX-603) Coverity: Potential resource leak in
BaseKeystoreService.createKeystore
[ https://issues.apache.org/jira/browse/KNOX-603?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kevin Minder resolved KNOX-603.
-------------------------------
Resolution: Fixed
> Coverity: Potential resource leak in BaseKeystoreService.createKeystore
> -----------------------------------------------------------------------
>
> Key: KNOX-603
> URL: https://issues.apache.org/jira/browse/KNOX-603
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Affects Versions: 0.6.0
> Reporter: Kevin Minder
> Assignee: Kevin Minder
> Priority: Minor
> Fix For: 0.7.0
>
>
> {code}
> protected void createKeystore(String filename, String keystoreType) throws KeystoreServiceException {
> 92 try {
> 1. alloc_fn: A new resource is returned from allocation method createKeyStoreFile. [show details]
> 2. var_assign: Assigning: out = resource returned from org.apache.hadoop.gateway.services.security.impl.BaseKeystoreService.createKeyStoreFile(filename).
> 93 FileOutputStream out = createKeyStoreFile( filename );
> 94 KeyStore ks = KeyStore.getInstance(keystoreType);
> 95 ks.load( null, null );
> CID 1241742: Use of hard-coded password (HARDCODED_CREDENTIALS) [select issue]
> 3. noescape: Resource out is not closed or saved in store.
> 96 ks.store( out, masterService.getMasterSecret() );
>
> CID 1241679: Resource leak (RESOURCE_LEAK)
> 4. leaked_resource: Variable out going out of scope leaks the resource it refers to.
> 97 } catch (KeyStoreException e) {
> 98 LOG.failedToCreateKeystore( filename, keystoreType, e );
> 99 throw new KeystoreServiceException(e);
> 100 } catch (NoSuchAlgorithmException e) {
> 101 LOG.failedToCreateKeystore( filename, keystoreType, e );
> 102 throw new KeystoreServiceException(e);
> 103 } catch (CertificateException e) {
> 104 LOG.failedToCreateKeystore( filename, keystoreType, e );
> 105 throw new KeystoreServiceException(e);
> 106 } catch (FileNotFoundException e) {
> 107 LOG.failedToCreateKeystore( filename, keystoreType, e );
> 108 throw new KeystoreServiceException(e);
> 109 } catch (IOException e) {
> 110 LOG.failedToCreateKeystore( filename, keystoreType, e );
> 111 throw new KeystoreServiceException(e);
> 112 }
> 113 }
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)