CWE-764 关键资源的多重加锁
Multiple Locks of a Critical Resource
结构: Simple
Abstraction: Variant
状态: Incomplete
被利用可能性: unkown
基本描述
The software locks a critical resource more times than intended, leading to an unexpected state in the system.
扩展描述
When software is operating in a concurrent environment and repeatedly locks a critical resource, the consequences will vary based on the type of lock, the lock's implementation, and the resource being protected. In some situations such as with semaphores, the resources are pooled and extra locking calls will reduce the size of the total available pool, possibly leading to degraded performance or a denial of service. If this can be triggered by an attacker, it will be similar to an unrestricted lock (CWE-412). In the context of a binary lock, it is likely that any duplicate locking attempts will never succeed since the lock is already held and progress may not be possible.
相关缺陷
-
cwe_Nature: ChildOf cwe_CWE_ID: 667 cwe_View_ID: 1000 cwe_Ordinal: Primary
-
cwe_Nature: ChildOf cwe_CWE_ID: 667 cwe_View_ID: 699 cwe_Ordinal: Primary
-
cwe_Nature: ChildOf cwe_CWE_ID: 675 cwe_View_ID: 1000
常见的影响
| 范围 | 影响 | 注释 |
|---|---|---|
| ['Availability', 'Integrity'] | ['DoS: Resource Consumption (CPU)', 'DoS: Crash, Exit, or Restart', 'Unexpected State'] |
可能的缓解方案
Implementation
策略:
When locking and unlocking a resource, try to be sure that all control paths through the code in which the resource is locked one or more times correspond to exactly as many unlocks. If the software acquires a lock and then determines it is not able to perform its intended behavior, be sure to release the lock(s) before waiting for conditions to improve. Reacquire the lock(s) before trying again.
Notes
分类映射
| 映射的分类名 | ImNode ID | Fit | Mapped Node Name |
|---|---|---|---|
| Software Fault Patterns | SFP21 | Multiple locks/unlocks |
文章来源于互联网:scap中文网
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论