BaseDraft

CWE-1265Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls

Category: other

Description

The product invokes code that is believed to be reentrant, but the code performs a call that unintentionally produces a nested invocation of the non-reentrant code. In a complex product, a single function call may lead to many different possible code paths, some of which may involve deeply nested calls. It may be difficult to foresee all possible code paths that could emanate from a given function call, even if that call is assumed to be reentrant. In some systems, an external actor can manipulate inputs to the system and thereby achieve a wide range of possible control flows. This is frequently a concern in products that execute scripts from untrusted sources. Examples of such products are web browsers and PDF readers. A weakness is present when one of the possible code paths resulting from a function call alters program state that the original caller assumes to be unchanged during the call.

Common consequences· 1

  • Integrity — Unexpected State
    Exploitation of this weakness can leave the application in an unexpected state and cause variables to be reassigned before the first invocation has completed. This may eventually result in memory corruption or unexpected code execution.

Potential mitigations· 2

  • [Architecture and Design]When architecting a system that will execute untrusted code in response to events, consider executing the untrusted event handlers asynchronously (asynchronous message passing) as opposed to executing them synchronously at the time each event fires. The untrusted code should execute at the start of the next iteration of the thread's message loop. In this way, calls into non-reentrant code are strictly serialized, so that each operation completes fully before the next operation begins. Special attention must be paid to all places where type coercion may result in script execution. Performing all needed coercions at the very beginning of an operation can help reduce the chance of operations executing at unexpected junctures.
  • [Implementation]Make sure the code (e.g., function or class) in question is reentrant by not leveraging non-local data, not modifying its own code, and not calling other non-reentrant code.

Related CAPEC attack patterns· 1

CAPEC-74

References

  1. https://cwe.mitre.org/data/definitions/1265.html

Exploits (incoming)1

TypeTargetConfidenceTier
AttackPatternManipulating Statecapec-74100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CWE
Use of a Non-reentrant Function in a Concurrent Context
CWE
Insufficient Control Flow Management
CWE
Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
CWE
Uncontrolled Recursion
CWE
Unchecked Return Value
CWE
Excessively Deep Nesting
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.