SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 111

changes.mady.by.user Pranjal Jumde

Saved on

compared with

New Version 112

changes.mady.by.user Fred Long

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Java Web Start applications and applets particular to JDK version 1.6, prior to update 4, were affected by a bug that had some noteworthy security consequences. In some isolated cases, the application or applet's attempt to establish an HTTPS connection with a server generated a NullPointerException [SDN 2008]. The resulting failure to establish a secure HTTPS connection with the server caused a denial of service. Clients were temporarily forced to use an insecure HTTP channel for data exchange.

Related Guidelines

CERT C Secure Coding Standard

EXP34-C. Do not dereference null pointers

CERT C++ Secure Coding Standard

EXP34-CPP. Ensure a null pointer is not dereferenced

ISO/IEC TR 24772:2010

Null Pointer Dereference [XYH]

MITRE CWE

CWE-476. NULL pointer dereference

Android Implementation Details

Android applications are more sensitive to NullPointerException due to the constraint of the limited mobile device memory. Static members or members of an Activity may become null when memory runs out.

Bibliography

[API 2006]

Method doPrivileged()

[Hovemeyer 2007]

 

[Reasoning 2003]

Defect ID 00-0001

 

Null Pointer Dereference

[SDN 2008]

Bug ID 6514454

...