Description

The software calls a non-reentrant function in a concurrent context in which a competing code sequence (e.g. thread or signal handler) may have an opportunity to call the same function or otherwise influence its state.

Modes of Introduction:

– Architecture and Design

Related Weaknesses

CWE-662

Consequences

Integrity, Confidentiality, Other: Modify Memory, Read Memory, Modify Application Data, Read Application Data, Alter Execution Logic

Potential Mitigations

Phase: Implementation

Description: 

Use reentrant functions if available.

Phase: Implementation

Description: 

Add synchronization to your non-reentrant function.

Phase: Implementation

Description: 

In Java, use the ReentrantLock Class.

CVE References

• CVE-2001-1349
  • unsafe calls to library functions from signal handler

• CVE-2004-2259
  • SIGCHLD signal to FTP server can cause crash under heavy load while executing non-reentrant functions like malloc/free.