Operation on a Resource after Expiration or Release
Weakness ID: 672 (Weakness Base)
Status: Draft
+ Description

Description Summary

The software uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked.
+ Time of Introduction
  • Architecture and Design
  • Implementation
  • Operation
+ Demonstrative Examples

Example 1

In the following C/C++ example the method processMessage processes a message received as an array of char arrays. The input array holds two char arrays: the first carries the length of the message and the second carries the message body. The length is retrieved and used to allocate enough memory for a private char array, messageBody, into which the body is copied. The body is then handed to processMessageBody, which returns ERROR if processing fails. On failure the result variable is set to ERROR, the messageBody buffer is released with free, and an error message is sent to logError.

(Bad Code)
Example Languages: C and C++ 
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FAIL 0
#define SUCCESS 1
#define ERROR -1
#define MAX_MESSAGE_SIZE 32

/* Helpers defined elsewhere in the application (not shown on this page). */
int getMessageLength(const char *lengthField);
int processMessageBody(char *body);
void logError(const char *text, char *body);

int processMessage(char **message)
{
    int result = SUCCESS;

    int length = getMessageLength(message[0]);
    char *messageBody = NULL;

    if ((length > 0) && (length < MAX_MESSAGE_SIZE)) {

        /* allocate a private buffer and copy the message body into it */
        messageBody = (char*)malloc(length * sizeof(char));
        memcpy(messageBody, &message[1][0], length);

        int success = processMessageBody(messageBody);

        if (success == ERROR) {
            result = ERROR;
            free(messageBody);      /* buffer released here ... */
        }
    }
    else {
        printf("Unable to process message; invalid message length\n");
        result = FAIL;
    }

    if (result == ERROR) {
        /* ... but still dereferenced here: use after free */
        logError("Error processing message", messageBody);
    }

    return result;
}

However, the call to logError passes messageBody after the memory it points to has been released with free. Reading freed memory is undefined behavior: the program may crash, or, if the allocator has already reused the block, logError may read and record unrelated or attacker-influenced data. A pointer must never be dereferenced after the memory it refers to has been released; any work that needs the buffer, such as logging its contents, has to happen before the free, and the pointer should not be reachable afterwards.

(Good Code)
Example Languages: C and C++ 
...
        messageBody = (char*)malloc(length * sizeof(char));
        memcpy(messageBody, &message[1][0], length);

        int success = processMessageBody(messageBody);

        if (success == ERROR) {
            result = ERROR;
            /* log while the buffer is still valid, then release it */
            logError("Error processing message", messageBody);
            free(messageBody);
        }
        /* the later "if (result == ERROR)" block that logged messageBody
           after the free is removed; nothing touches the buffer past free() */
...
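The page's fix reorders two calls, but the general defence against CWE-672 is to make the lifecycle state of a resource explicit and check it at every use, so that a released or expired resource is refused rather than operated on. The following is an added example, not code from the CWE entry: it keeps a header with an explicit state, copies the body instead of aliasing the caller's buffer, logs before freeing, nulls the pointer after freeing, and also handles time-based expiry (the same weakness class as the expired-key and session children listed under Relationships). The names msg_open, msg_check, msg_process, msg_release and msg_destroy are hypothetical, log_error is a constructed stand-in for the page's logError, and "expires_at == 0 means never" is an assumed policy.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

#define MAX_MESSAGE_SIZE 32

/* Lifecycle state is tracked explicitly. The header outlives the buffer it
   owns, so a caller with a stale handle is told the resource is gone instead
   of dereferencing freed memory. (All names here are assumed, not the page's.) */
enum msg_state { MSG_LIVE = 1, MSG_EXPIRED, MSG_RELEASED };

struct msg {
    enum msg_state state;
    time_t expires_at;   /* absolute expiry; 0 means "never" (assumed policy) */
    size_t len;
    char *body;          /* heap copy of the body; NULL once released */
};

/* Constructed stand-in for the page's logError(). It never reads m->body,
   so it is safe to call in any state. */
static char last_log[128];
static void log_error(const char *what, const struct msg *m) {
    snprintf(last_log, sizeof last_log, "%s (state=%d, len=%zu)",
             what, m ? (int)m->state : 0, m ? m->len : (size_t)0);
}

/* Allocate and COPY the body. Aliasing the caller's buffer (as the page's
   example did) would make free() release memory this code never owned. */
struct msg *msg_open(const char *body, size_t len, time_t now, int ttl_s) {
    if (body == NULL || len == 0 || len >= MAX_MESSAGE_SIZE)
        return NULL;
    struct msg *m = calloc(1, sizeof *m);
    if (m == NULL)
        return NULL;
    m->body = malloc(len);
    if (m->body == NULL) {
        free(m);
        return NULL;
    }
    memcpy(m->body, body, len);
    m->len = len;
    m->state = MSG_LIVE;
    m->expires_at = ttl_s > 0 ? now + ttl_s : 0;
    return m;
}

/* Single gate every operation passes through: 0 if the body may be used,
   -1 if the handle is NULL, released, or past its expiry (which is recorded). */
int msg_check(struct msg *m, time_t now) {
    if (m == NULL || m->state != MSG_LIVE)
        return -1;
    if (m->expires_at != 0 && now >= m->expires_at) {
        m->state = MSG_EXPIRED;
        return -1;
    }
    return 0;
}

/* Example consumer: sums the body bytes; -1 on a dead or expired handle. */
int msg_process(struct msg *m, time_t now) {
    if (msg_check(m, now) != 0) {
        log_error("refusing operation on dead message", m);
        return -1;
    }
    int sum = 0;
    for (size_t i = 0; i < m->len; i++)
        sum += (unsigned char)m->body[i];
    return sum;
}

/* Release the buffer but keep the header so later use is detectable.
   Anything that needs the body (logging, for instance) happens before free(). */
void msg_release(struct msg *m) {
    if (m == NULL || m->state == MSG_RELEASED)
        return;
    log_error("releasing message", m);   /* log first, then free: the page's fix */
    free(m->body);
    m->body = NULL;                       /* no dangling pointer survives the free */
    m->len = 0;
    m->state = MSG_RELEASED;
}

/* Final teardown. Nulls the caller's pointer so a later msg_process(*pm, ...)
   sees NULL instead of freed memory. */
void msg_destroy(struct msg **pm) {
    if (pm == NULL || *pm == NULL)
        return;
    msg_release(*pm);
    free(*pm);
    *pm = NULL;
}

/* Walks the dead-resource cases of CWE-672 on constructed input.
   Returns 0 if every misuse was refused, else a bitmask of the failed cases. */
int scenario(void) {
    int failures = 0;
    struct msg *m = msg_open("abc", 3, 1000, 60);     /* live until t = 1060 */
    if (m == NULL)
        return 1;
    if (msg_process(m, 1001) != 'a' + 'b' + 'c') failures |= 1;     /* live: works */
    if (msg_process(m, 1060) != -1 || m->state != MSG_EXPIRED) failures |= 2;  /* expired */
    msg_release(m);
    if (msg_process(m, 1001) != -1 || m->body != NULL) failures |= 4;          /* released */
    msg_destroy(&m);
    if (m != NULL || msg_process(m, 1001) != -1) failures |= 8;                /* destroyed */
    return failures;
}

int main(void) {
    int f = scenario();
    printf("%s (failures=%d)\n", f == 0 ? "every misuse refused" : "FAILED", f);
    return f;
}
```

Building with `-fsanitize=address` is a useful companion check: with the state gate in place no freed memory is ever read, whereas the page's Bad Code, compiled the same way, is reported at the logError call.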
+ Relationships
Nature   | Type          | ID  | Name                                            | View(s) this relationship pertains to
ChildOf  | Category      | 361 | Time and State                                  | Development Concepts (primary) (699)
ChildOf  | Weakness Base | 666 | Operation on Resource in Wrong Phase of Lifetime | Research Concepts (primary) (1000)
ChildOf  | Category      | 808 | 2010 Top 25 - Weaknesses On the Cusp            | Weaknesses in the 2010 CWE/SANS Top 25 Most Dangerous Programming Errors (primary) (800)
ParentOf | Weakness Base | 298 | Improper Validation of Certificate Expiration   | Research Concepts (primary) (1000)
ParentOf | Weakness Base | 324 | Use of a Key Past its Expiration Date           | Research Concepts (primary) (1000)
ParentOf | Weakness Base | 416 | Use After Free                                  | Research Concepts (primary) (1000)
ParentOf | Weakness Base | 562 | Return of Stack Variable Address                | Research Concepts (primary) (1000)
ParentOf | Weakness Base | 613 | Insufficient Session Expiration                 | Research Concepts (primary) (1000)
+ Content History
Modifications
Modification Date | Modifier         | Organization | Source   | Change
2008-07-01        | Eric Dalci       | Cigital      | External | updated Time of Introduction
2008-09-08        | CWE Content Team | MITRE        | Internal | updated Relationships