CWE

Common Weakness Enumeration

A Community-Developed List of Software Weakness Types

CWE/SANS Top 25 Most Dangerous Software Errors
Home > CWE List > CWE- Individual Dictionary Definition (2.10)  
ID

CWE-413: Improper Resource Locking

Weakness ID: 413
Abstraction: Base
Status: Draft
Presentation Filter:
+ Description

Description Summary

The software does not lock or does not correctly lock a resource when the software must have exclusive access to the resource.

Extended Description

When a resource is not properly locked, an attacker could modify the resource while it is being operated on by the software. This might violate the software's assumption that the resource will not change, potentially leading to unexpected behaviors.

+ Time of Introduction
  • Architecture and Design
  • Implementation
+ Applicable Platforms

Languages

All

+ Common Consequences
ScopeEffect
Integrity
Availability

Technical Impact: Modify application data; DoS: instability; DoS: crash / exit / restart

+ Demonstrative Examples

Example 1

The following function attempts to acquire a lock in order to perform operations on a shared resource.

(Bad Code)
Example Language:
void f(pthread_mutex_t *mutex) {
pthread_mutex_lock(mutex);

/* access shared resource */

pthread_mutex_unlock(mutex);
}

However, the code does not check the value returned by pthread_mutex_lock() for errors. If pthread_mutex_lock() cannot acquire the mutex for any reason the function may introduce a race condition into the program and result in undefined behavior.

In order to avoid data races correctly written programs must check the result of thread synchronization functions and appropriately handle all errors, either by attempting to recover from them or reporting it to higher levels.

(Good Code)
Example Language:
int f(pthread_mutex_t *mutex) {
int result;

result = pthread_mutex_lock(mutex);
if (0 != result)
return result;

/* access shared resource */

return pthread_mutex_unlock(mutex);
}

Example 2

This Java example shows a simple BankAccount class with deposit and withdraw methods.

(Bad Code)
Example Language: Java 
public class BankAccount {

// variable for bank account balance
private double accountBalance;

// constructor for BankAccount
public BankAccount() {
accountBalance = 0;
}

// method to deposit amount into BankAccount
public void deposit(double depositAmount) {

double newBalance = accountBalance + depositAmount;
accountBalance = newBalance;
}

// method to withdraw amount from BankAccount
public void withdraw(double withdrawAmount) {

double newBalance = accountBalance - withdrawAmount;
accountBalance = newBalance;
}

// other methods for accessing the BankAccount object
...
}

However, the deposit and withdraw methods have shared access to the account balance private class variable. This can result in a race condition if multiple threads attempt to call the deposit and withdraw methods simultaneously where the account balance is modified by one thread before another thread has completed modifying the account balance. For example, if a thread attempts to withdraw funds using the withdraw method before another thread that is depositing funds using the deposit method completes the deposit then there may not be sufficient funds for the withdraw transaction.

To prevent multiple threads from having simultaneous access to the account balance variable the deposit and withdraw methods should be synchronized using the synchronized modifier.

(Good Code)
Example Language: Java 
public class BankAccount {
...
// synchronized method to deposit amount into BankAccount
public synchronized void deposit(double depositAmount) {
...
}

// synchronized method to withdraw amount from BankAccount
public synchronized void withdraw(double withdrawAmount) {
...
}

...
}

An alternative solution is to use a lock object to ensure exclusive access to the bank account balance variable. As shown below, the deposit and withdraw methods use the lock object to set a lock to block access to the BankAccount object from other threads until the method has completed updating the bank account balance variable.

(Good Code)
Example Language: Java 
public class BankAccount {
...
// lock object for thread access to methods
private ReentrantLock balanceChangeLock;

// condition object to temporarily release lock to other threads
private Condition sufficientFundsCondition;

// method to deposit amount into BankAccount
public void deposit(double amount) {

// set lock to block access to BankAccount from other threads
balanceChangeLock.lock();
try {
double newBalance = balance + amount;
balance = newBalance;

// inform other threads that funds are available
sufficientFundsCondition.signalAll();

} catch (Exception e) {...}
finally {
// unlock lock object
balanceChangeLock.unlock();
}
}

// method to withdraw amount from bank account
public void withdraw(double amount) {

// set lock to block access to BankAccount from other threads
balanceChangeLock.lock();
try {
while (balance < amount) {
// temporarily unblock access
// until sufficient funds are available
sufficientFundsCondition.await();
}
double newBalance = balance - amount;
balance = newBalance;

} catch (Exception e) {...}
finally {
// unlock lock object
balanceChangeLock.unlock();
}
}
...
}
+ Potential Mitigations

Phase: Architecture and Design

Use a non-conflicting privilege scheme.

Phases: Architecture and Design; Implementation

Use synchronization when locking a resource.

+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfCategoryCategory411Resource Locking Problems
Development Concepts (primary)699
ChildOfWeakness BaseWeakness Base667Improper Locking
Research Concepts (primary)1000
ChildOfCategoryCategory852CERT Java Secure Coding Section 07 - Visibility and Atomicity (VNA)
Weaknesses Addressed by the CERT Java Secure Coding Standard844
ChildOfCategoryCategory853CERT Java Secure Coding Section 08 - Locking (LCK)
Weaknesses Addressed by the CERT Java Secure Coding Standard (primary)844
ChildOfCategoryCategory986SFP Secondary Cluster: Missing Lock
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant591Sensitive Data Storage in Improperly Locked Memory
Development Concepts (primary)699
Research Concepts (primary)1000
+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
PLOVERInsufficient Resource Locking
CERT Java Secure CodingVNA00-JEnsure visibility when accessing shared primitive variables
CERT Java Secure CodingVNA02-JEnsure that compound operations on shared variables are atomic
CERT Java Secure CodingLCK00-JUse private final lock objects to synchronize classes that may interact with untrusted code
Software Fault PatternsSFP19Missing Lock
+ Content History
Submissions
Submission DateSubmitterOrganizationSource
PLOVERExternally Mined
Contributions
Contribution DateContributorOrganizationSource
2010-04-30Martin SeborCisco Systems, Inc. Content
Provided Demonstrative Example
Modifications
Modification DateModifierOrganizationSource
2008-07-01Eric DalciCigitalExternal
updated Potential_Mitigations, Time_of_Introduction
2008-09-08CWE Content TeamMITREInternal
updated Relationships, Taxonomy_Mappings
2010-06-21CWE Content TeamMITREInternal
updated Demonstrative_Examples
2010-09-27CWE Content TeamMITREInternal
updated Description, Name
2010-12-13CWE Content TeamMITREInternal
updated Demonstrative_Examples
2011-06-01CWE Content TeamMITREInternal
updated Common_Consequences, Relationships, Taxonomy_Mappings
2012-05-11CWE Content TeamMITREInternal
updated Demonstrative_Examples, Relationships
2012-10-30CWE Content TeamMITREInternal
updated Potential_Mitigations
2014-07-30CWE Content TeamMITREInternal
updated Relationships, Taxonomy_Mappings
Previous Entry Names
Change DatePrevious Entry Name
2010-09-27Insufficient Resource Locking

More information is available — Please select a different filter.
Page Last Updated: January 18, 2017