Use of a Non-reentrant Function in a Concurrent Context| ID: 663 | Date: (C)2012-05-14 (M)2022-10-10 |
| Type: weakness | Status: DRAFT |
| Abstraction Type: Base |
Description
The software calls a non-reentrant function in a concurrent
context in which a competing code sequence (e.g. thread or signal handler) may
have an opportunity to call the same function or otherwise influence its
state.
Applicable PlatformsNone
Time Of Introduction
- Architecture and Design
- Implementation
Related Attack Patterns
Common Consequences
| Scope | Technical Impact | Notes |
|---|
| IntegrityConfidentialityOther | Modify application
dataRead application
dataAlter execution
logic | |
Detection MethodsNone
Potential Mitigations
| Phase | Strategy | Description | Effectiveness | Notes |
|---|
| Implementation | | Use reentrant functions if available. | | |
| Implementation | | Add synchronization to your non-reentrant function. | | |
| Implementation | | In Java, use the ReentrantLock Class. | | |
Relationships
| Related CWE | Type | View | Chain |
|---|
| CWE-663 ChildOf CWE-894 | Category | CWE-888 | |
Demonstrative ExamplesNone
Observed Examples
- CVE-2001-1349 : unsafe calls to library functions from signal handler
- CVE-2004-2259 : handler for SIGCHLD uses non-reentrant functions
For more examples, refer to CVE relations in the bottom box.
White Box Definitions None
Black Box Definitions None
Taxynomy MappingsNone
References:
- SUN .Java Concurrency API. Section:'Class ReentrantLock'.
- Dipak Jha, Software Engineer, IBM .Use reentrant functions for safer signal
handling.
