From 239c5f2e463cc63cac3f77bfc7bd093af2ea3b37 Mon Sep 17 00:00:00 2001
From: Stefan Neuhaus <stefan@stefanneuhaus.org>
Date: Thu, 13 Jul 2017 21:21:03 +0200
Subject: [PATCH] Prevent NPE in case the CveDB.getInstance() failed. This NPE
 masked the actual cause thereby hampering issue analysis

---
 .../org/owasp/dependencycheck/data/update/NvdCveUpdater.java  | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveUpdater.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveUpdater.java
index ee26e8dbd..3ab3c5c56 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveUpdater.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveUpdater.java
@@ -172,7 +172,9 @@ public class NvdCveUpdater implements CachedWebDataSource {
             throw new UpdateException("Database Exception", ex);
         } finally {
             shutdownExecutorServices();
-            cveDb.close();
+            if(cveDb != null) {
+                cveDb.close();
+            }
             if (lock != null) {
                 try {
                     lock.release();