Base · Incomplete

CWE-1341: Multiple Releases of Same Resource or Handle

Category: logic

Description

The product attempts to close or release a resource or handle more than once, without any successful open between the close operations.

Common consequences · 1

  • Availability / Integrity — DoS: Crash, Exit, or Restart

Potential mitigations · 3

  • [Implementation] Change the code's logic so that the resource is only closed once. This might require simplifying or refactoring. This fix can be simple to do in small code blocks, but more difficult when multiple closes are buried within complex conditionals.
  • [Implementation] It can be effective to implement a flag that is (1) set when the resource is opened, (2) cleared when it is closed, and (3) checked before closing. This approach can be useful when there are disparate cases in which closes must be performed. However, flag-tracking can increase code complexity and requires diligent compliance by the programmer.
  • [Implementation] When closing a resource, set the resource's associated variable to NULL or equivalent value for the given language. Some APIs will ignore this null value without causing errors. For other APIs, this can lead to application crashes or exceptions, which may still be preferable to corrupting an unintended resource such as memory or data.
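
The flag and sentinel mitigations above, combined in C for a POSIX file descriptor. This is an added example, not part of the CWE entry; `res_handle` and `res_close` are hypothetical names and `/dev/null` is assumed to be readable. It goes slightly beyond the entry's crash consequence: a second raw `close()` can release an unrelated descriptor that reused the same number, while storing -1 on release turns the repeated call into a no-op.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical wrapper: fd == -1 is the "not open" sentinel (the flag). */
typedef struct { int fd; } res_handle;

/* Idempotent release: 1 if a descriptor was closed, 0 if already released. */
int res_close(res_handle *h) {
    if (h->fd < 0) return 0;   /* (3) checked before closing */
    int fd = h->fd;
    h->fd = -1;                /* (2) cleared first, so no path can retry */
    close(fd);
    return 1;
}

/* Unguarded pattern: 1 if the second close(a) destroyed unrelated descriptor b. */
int stale_close_hits_other_fd(void) {
    int a = open("/dev/null", O_RDONLY);
    if (a < 0) return -1;
    close(a);
    int b = open("/dev/null", O_RDONLY); /* POSIX returns the lowest free number: b == a */
    if (b < 0) return -1;
    close(a);                            /* second release, no open of a in between */
    int b_dead = (fcntl(b, F_GETFD) == -1 && errno == EBADF);
    if (!b_dead) close(b);
    return a == b && b_dead;
}

/* Guarded pattern: 1 if the repeated res_close() was a no-op and b survived. */
int guarded_close_spares_other_fd(void) {
    res_handle h = { open("/dev/null", O_RDONLY) }; /* (1) set when opened */
    if (h.fd < 0) return -1;
    res_close(&h);
    int b = open("/dev/null", O_RDONLY);
    if (b < 0) return -1;
    int second = res_close(&h);          /* repeated release attempt */
    int b_alive = (fcntl(b, F_GETFD) != -1);
    close(b);
    return second == 0 && b_alive;
}

int main(void) {
    printf("raw double close hit another fd: %d\n", stale_close_hits_other_fd());
    printf("guarded double close was harmless: %d\n", guarded_close_spares_other_fd());
    return 0;
}
```

The descriptor-reuse result assumes a single-threaded process, so nothing else opens a file between the two calls.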

References

  1. https://cwe.mitre.org/data/definitions/1341.html

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Mismatched Memory Management Routines
  • CWE: Release of Invalid Pointer or Reference
  • CWE: Improper Resource Shutdown or Release
  • CWE: Unlock of a Resource that is not Locked
  • CWE: Premature Release of Resource During Expected Lifetime
  • CWE: Multiple Unlocks of a Critical Resource

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.