Use of a Non-reentrant Function in a Concurrent Context

Draft Base
Structure: Simple
Description

The product calls a non-reentrant function in a concurrent context in which a competing code sequence (e.g. thread or signal handler) may have an opportunity to call the same function or otherwise influence its state.

Common Consequences 1
Scope: Integrity, Confidentiality, Other

Impact: Modify Memory, Read Memory, Modify Application Data, Read Application Data, Alter Execution Logic

Potential Mitigations 3
Phase: Implementation
Use reentrant functions if available.
Phase: Implementation
Add synchronization to your non-reentrant function.
Phase: Implementation
In Java, use the ReentrantLock Class.
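
The first mitigation as an added example (not code from this entry): a signal handler, delivered deterministically with raise(), calls strtok() while the main path is mid-parse and overwrites its hidden static state; the strtok_r() variant keeps that state in each caller's own pointer. All function names, buffers and sample strings here are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <string.h>

static int use_reentrant;       /* which variant the handler runs */
static char handler_buf[8];     /* the handler's own record (constructed) */
static char seen[4][8];         /* tokens the main code path observed */

/* Competing code sequence: reads the first field of its own record.
 * Reentrant only means "no hidden shared state"; a production handler
 * must also limit itself to async-signal-safe calls. */
static void on_usr1(int sig)
{
    char *save;
    (void)sig;
    strcpy(handler_buf, "x,y");
    if (use_reentrant)
        strtok_r(handler_buf, ",", &save);  /* state in caller's variable */
    else
        strtok(handler_buf, ",");           /* overwrites strtok's static state */
}

/* Tokenizes "a,b,c"; the signal is delivered after the first token.
 * Returns how many tokens main saw and stores them in seen[]. */
int tokens_seen(int reentrant)
{
    char line[] = "a,b,c";      /* constructed sample input */
    char *save, *tok;
    int n = 0;
    use_reentrant = reentrant;
    signal(SIGUSR1, on_usr1);
    tok = reentrant ? strtok_r(line, ",", &save) : strtok(line, ",");
    while (tok && n < 4) {
        snprintf(seen[n++], sizeof seen[0], "%s", tok);
        if (n == 1)
            raise(SIGUSR1);     /* synchronous, so the interleaving is fixed */
        tok = reentrant ? strtok_r(NULL, ",", &save) : strtok(NULL, ",");
    }
    return n;
}

const char *token_at(int i) { return seen[i]; }

int main(void)
{
    printf("strtok:   %d tokens, second = %s\n", tokens_seen(0), token_at(1));
    printf("strtok_r: %d tokens, second = %s\n", tokens_seen(1), token_at(1));
}
```

With strtok() the main path sees "a" and then "y", a field from the handler's record, and never reaches "b" or "c"; with strtok_r() it sees "a", "b", "c".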
Demonstrative Examples 2

ID : DX-171

In this example, a signal handler uses syslog() to log a message:

Code Example:

Bad (C)

ID : DX-172

The following code relies on getlogin() to determine whether or not a user is trusted. It is easily subverted.

Code Example:

Bad (C)
Observed Examples 2
CVE-2001-1349: unsafe calls to library functions from signal handler
CVE-2004-2259: SIGCHLD signal to FTP server can cause crash under heavy load while executing non-reentrant functions like malloc/free.
Modes of Introduction
Implementation