CWE - CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') (2.4)

Home > CWE List > CWE- Individual Dictionary Definition (2.4)

CWE List
Full Dictionary View
Development View
Research View
Reports

About
Sources
Process
Documents
FAQs

Community
SwA On-Ramp
T-Shirt
Discussion List
Discussion Archives
Contact Us

Scoring
CWSS
CWRAF
CWE/SANS Top 25

Compatibility
Requirements
Coverage Claims Representation
Compatible Products
Make a Declaration

News
Calendar
Free Newsletter

Search the Site

CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

Loop with Unreachable Exit Condition ('Infinite Loop')

Weakness ID: 835 (Weakness Base)

Status: Incomplete

Description

Description Summary

The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Extended Description

If the loop can be influenced by an attacker, this weakness could allow attackers to consume excessive resources such as CPU or memory.

Applicable Platforms

Languages

Language-independent

Common Consequences

Scope	Effect
Availability	Technical Impact: DoS: resource consumption (CPU); DoS: resource consumption (memory); DoS: amplification An infinite loop will cause unexpected consumption of resources, such as CPU cycles or memory. The software's operation may slow down, or cause a long time to respond.

Demonstrative Examples

Example 1

In the following code the method processMessagesFromServer attempts to establish a connection to a server and read and process messages from the server. The method uses a do/while loop to continue trying to establish the connection to the server when an attempt fails.

(Bad Code)

Example Languages: C and C++

int processMessagesFromServer(char *hostaddr, int port) {

...

int servsock;

int connected;

struct sockaddr_in servaddr;

// create socket to connect to server

servsock = socket( AF_INET, SOCK_STREAM, 0);

memset( &servaddr, 0, sizeof(servaddr));

servaddr.sin_family = AF_INET;

servaddr.sin_port = htons(port);

servaddr.sin_addr.s_addr = inet_addr(hostaddr);

do {

// establish connection to server

connected = connect(servsock, (struct sockaddr *)&servaddr, sizeof(servaddr));

// if connected then read and process messages from server

if (connected > -1) {

// read and process messages

...

}

// keep trying to establish connection to the server

} while (connected < 0);

// close socket and return success or failure

...

}

However, this will create an infinite loop if the server does not respond. This infinite loop will consume system resources and can be used to create a denial of service attack. To resolve this a counter should be used to limit the number of attempts to establish a connection to the server, as in the following code.

(Good Code)

Example Languages: C and C++

int processMessagesFromServer(char *hostaddr, int port) {

...

// initialize number of attempts counter

int count = 0;

do {

// establish connection to server

connected = connect(servsock, (struct sockaddr *)&servaddr, sizeof(servaddr));

// increment counter

count++;

// if connected then read and process messages from server

if (connected > -1) {

// read and process messages

...

}

// keep trying to establish connection to the server

// up to a maximum number of attempts

} while (connected < 0 && count < MAX_ATTEMPTS);

// close socket and return success or failure

...

}

Example 2

For this example the method isReorderNeeded as part of a bookstore application that determines if a particular book needs to be reordered based on the current inventory count and the rate at which the book is being sold.

(Bad Code)

Example Language: Java

public boolean isReorderNeeded(String bookISBN, int rateSold) {

boolean isReorder = false;

int minimumCount = 10;

int days = 0;

// get inventory count for book

int inventoryCount = inventory.getIventoryCount(bookISBN);

// find number of days until inventory count reaches minimum

while (inventoryCount > minimumCount) {

inventoryCount = inventoryCount - rateSold;

days++;

}

// if number of days within reorder timeframe

// set reorder return boolean to true

if (days > 0 && days < 5) {

isReorder = true;

}

return isReorder;

}

However, the while loop will become an infinite loop if the rateSold input parameter has a value of zero since the inventoryCount will never fall below the minimumCount. In this case the input parameter should be validated to ensure that a value of zero does not cause an infinite loop,as in the following code.

(Good Code)

Example Language: Java

public boolean isReorderNeeded(String bookISBN, int rateSold) {

...

// validate rateSold variable

if (rateSold < 1) {

return isReorder;

}

...

}

Observed Examples

Reference	Description
CVE-2011-1027	Chain: off-by-one error leads to infinite loop using invalid hex-encoded characters.
CVE-2011-1142	Chain: self-referential values in recursive definitions lead to infinite loop.
CVE-2011-1002	NULL UDP packet is never cleared from a queue, leading to infinite loop.
CVE-2010-4476	Floating point conversion routine cycles back and forth between two different values.
CVE-2010-4645	Floating point conversion routine cycles back and forth between two different values.
CVE-2010-2534	Chain: improperly clearing a pointer in a linked list leads to infinite loop.

Relationships

Nature	Type	ID	Name	View(s) this relationship pertains to
ChildOf	Weakness Base	834	Excessive Iteration	Development Concepts (primary)699 Research Concepts (primary)1000
MemberOf	View	884	CWE Cross-section	CWE Cross-section (primary)884

References

[REF-7] Mark Dowd, John McDonald and Justin Schuh. "The Art of Software Security Assessment". Chapter 7, "Looping Constructs", Page 327.. 1st Edition. Addison Wesley. 2006.

Content History

Submissions
Submission Date	Submitter	Organization	Source
2011-03-22		MITRE	Internal CWE Team
2011-03-22
Modifications
Modification Date	Modifier	Organization	Source
2011-06-01	CWE Content Team	MITRE	Internal
2011-06-01	updated Common_Consequences, Relationships, Taxonomy_Mappings
2012-05-11	CWE Content Team	MITRE	Internal
2012-05-11	updated Demonstrative_Examples, References, Relationships, Taxonomy_Mappings

Page Last Updated: February 20, 2013


	CWE is co-sponsored by the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. This Web site is sponsored and managed by The MITRE Corporation to enable stakeholder collaboration. Copyright © 2006-2013, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation. Contact cwe@mitre.org for more information.	Privacy policy Terms of use Contact us