Use of a Non-reentrant Function in an Unsynchronized Context |
Weakness ID: 663 (Weakness Base) | Status: Draft |
Description Summary
The software calls a non-reentrant function in a context where a competing thread may have an opportunity to call the same function or otherwise influence its state.
Use reentrant functions if available. |
Add synchronization to your non-reentrant function. |
In Java, you can use the ReentrantLock Class. |
Nature | Type | ID | Name | View(s) this relationship pertains to |
---|---|---|---|---|
ChildOf | Category | 361 | Time and State | Development Concepts (primary)699 |
ChildOf | Weakness Base | 662 | Insufficient Synchronization | Research Concepts (primary)1000 |
ParentOf | Weakness Variant | 558 | Use of getlogin() in Multithreaded Application | Research Concepts (primary)1000 |
CAPEC-ID | Attack Pattern Name | (CAPEC Version: 1.4) |
---|---|---|
29 | Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions |
Java Concurrency API, SUN. "Class ReentrantLock". <http://java.sun.com/j2se/1.5.0/docs/api/java/util/concurrent/locks/ReentrantLock.html>. |
Dipak Jha (dipakjha@in.ibm.com), Software Engineer, IBM. "Use reentrant functions for safer signal handling". <http://www.ibm.com/developerworks/linux/library/l-reent.html>. |
Modifications | ||||
---|---|---|---|---|
Modification Date | Modifier | Organization | Source | |
2008-07-01 | Eric Dalci | Cigital | External | |
updated References, Potential Mitigations, Time of Introduction | ||||
2008-09-08 | CWE Content Team | MITRE | Internal | |
updated Relationships, References | ||||
2009-03-10 | CWE Content Team | MITRE | Internal | |
updated Related Attack Patterns |