CWE-663: Use of a Non-reentrant Function in a Concurrent Context

Description

The product calls a non-reentrant function in a concurrent context in which a competing code sequence (e.g. thread or signal handler) may have an opportunity to call the same function or otherwise influence its state.

Submission Date :

April 11, 2008, midnight

Modification Date :

2023-10-26 00:00:00+00:00

Organization :

MITRE
Example Vulnerable Codes

Example - 1

In this example, a signal handler uses syslog() to log a message:



syslog(LOG_NOTICE,"%s\n",message);sleep(10);exit(0);

...signal(SIGHUP,sh);signal(SIGTERM,sh);sleep(10);exit(0);If the execution of the first call to the signal handler is suspended after invoking syslog(), and the signal handler is called a second time, the memory allocated by syslog() enters an undefined, and possibly, exploitable state.char *message;void sh(int dummy) {}int main(int argc,char* argv[]) {}

Example - 2

The following code relies on getlogin() to determine whether or not a user is trusted. It is easily subverted.


allow();deny();pwd = getpwnam(getlogin());if (isTrustedGroup(pwd->pw_gid)) {} else {}

Related Weaknesses

This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined to give an overview of the different insight to similar items that may exist at higher and lower levels of abstraction.

CWE-479: Signal Handler Use of a Non-reentrant Function
Go to
CWE-558: Use of getlogin() in Multithreaded Application
Go to
CWE-662: Improper Synchronization
Go to
CWE-1265: Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls
Go to

Visit http://cwe.mitre.org/ for more details.