1. Home
  2. CWE Database
  3. CWE-663
Base · Medium

CWE-663: Use of a Non-reentrant Function in a Concurrent Context

The product calls a non-reentrant function in a concurrent context in which a competing code sequence (e.g. thread or signal handler) may have an opportunity to call the same function or otherwise inf...

CWE-663 · Base Level ·2 CVEs ·3 Mitigations

Description

The product calls a non-reentrant function in a concurrent context in which a competing code sequence (e.g. thread or signal handler) may have an opportunity to call the same function or otherwise influence its state.

Potential Impact

Integrity, Confidentiality, Other

Modify Memory, Read Memory, Modify Application Data, Read Application Data, Alter Execution Logic

Demonstrative Examples

In this example, a signal handler uses syslog() to log a message:
Bad
char *message;void sh(int dummy) {syslog(LOG_NOTICE,"%s\n",message);sleep(10);exit(0);}int main(int argc,char* argv[]) {...signal(SIGHUP,sh);signal(SIGTERM,sh);sleep(10);exit(0);}If the execution of the first call to the signal handler is suspended after invoking syslog(), and the signal handler is called a second time, the memory allocated by syslog() enters an undefined, and possibly, exploitable state.
The following code relies on getlogin() to determine whether or not a user is trusted. It is easily subverted.
Bad
pwd = getpwnam(getlogin());if (isTrustedGroup(pwd->pw_gid)) {allow();} else {deny();}

Mitigations & Prevention

Implementation

Use reentrant functions if available.

Implementation

Add synchronization to your non-reentrant function.

Implementation

In Java, use the ReentrantLock Class.

Detection Methods

  • Automated Static Analysis High — Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then sea

Real-World CVE Examples

CVE IDDescription
CVE-2001-1349unsafe calls to library functions from signal handler
CVE-2004-2259SIGCHLD signal to FTP server can cause crash under heavy load while executing non-reentrant functions like malloc/free.

CWE-662: Improper Synchronization

The product utilizes multiple threads, processes, components, or systems to allow temporary access to a shared resource ...

Frequently Asked Questions

What is CWE-663?

CWE-663 (Use of a Non-reentrant Function in a Concurrent Context) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. The product calls a non-reentrant function in a concurrent context in which a competing code sequence (e.g. thread or signal handler) may have an opportunity to call the same function or otherwise inf...

How can CWE-663 be exploited?

Attackers can exploit CWE-663 (Use of a Non-reentrant Function in a Concurrent Context) to modify memory, read memory, modify application data, read application data, alter execution logic. This weakness is typically introduced during the Implementation phase of software development.

How do I prevent CWE-663?

Key mitigations include: Use reentrant functions if available.

What is the severity of CWE-663?

CWE-663 is classified as a Base-level weakness (Medium abstraction). It has been observed in 2 real-world CVEs.