CWE

Common Weakness Enumeration

A Community-Developed List of Software Weakness Types

CWE/SANS Top 25 Most Dangerous Software Errors
Home > CWE List > CWE- Individual Dictionary Definition (3.0)  
ID

CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

Weakness ID: 835
Abstraction: Base
Structure: Simple
Status: Incomplete
Presentation Filter:
+ Description
The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
+ Extended Description
If the loop can be influenced by an attacker, this weakness could allow attackers to consume excessive resources such as CPU or memory.
+ Relationships

The table(s) below shows the weaknesses and high level categories that are related to this weakness. These relationships are defined as ChildOf, ParentOf, MemberOf and give insight to similar items that may exist at higher and lower levels of abstraction. In addition, relationships such as PeerOf and CanAlsoBe are defined to show similar weaknesses that the user may want to explore.

+ Relevant to the view "Research Concepts" (CWE-1000)
NatureTypeIDName
ChildOfBaseBase834Excessive Iteration
+ Relevant to the view "Development Concepts" (CWE-699)
NatureTypeIDName
ChildOfBaseBase834Excessive Iteration
+ Applicable Platforms
The listings below show possible areas for which the given weakness could appear. These may be for specific named Languages, Operating Systems, Architectures, Paradigms, Technologies, or a class of such platforms. The platform is listed along with how frequently the given weakness appears for that instance.

Languages

(Language-Independent classes): (Undetermined Prevalence)

+ Common Consequences

The table below specifies different individual consequences associated with the weakness. The Scope identifies the application security area that is violated, while the Impact describes the negative technical impact that arises if an adversary succeeds in exploiting this weakness. The Likelihood provides information about how likely the specific consequence is expected to be seen relative to the other consequences in the list. For example, there may be high likelihood that a weakness will be exploited to achieve a certain impact, but a low likelihood that it will be exploited to achieve a different impact.

ScopeImpactLikelihood
Availability

Technical Impact: DoS: Resource Consumption (CPU); DoS: Resource Consumption (Memory); DoS: Amplification

An infinite loop will cause unexpected consumption of resources, such as CPU cycles or memory. The software's operation may slow down, or cause a long time to respond.
+ Demonstrative Examples

Example 1

In the following code the method processMessagesFromServer attempts to establish a connection to a server and read and process messages from the server. The method uses a do/while loop to continue trying to establish the connection to the server when an attempt fails.

(bad)
Example Language:
int processMessagesFromServer(char *hostaddr, int port) {
...
int servsock;
int connected;
struct sockaddr_in servaddr;
// create socket to connect to server

servsock = socket( AF_INET, SOCK_STREAM, 0);
memset( &servaddr, 0, sizeof(servaddr));
servaddr.sin_family = AF_INET;
servaddr.sin_port = htons(port);
servaddr.sin_addr.s_addr = inet_addr(hostaddr);

do {
// establish connection to server
connected = connect(servsock, (struct sockaddr *)&servaddr, sizeof(servaddr));
// if connected then read and process messages from server

if (connected > -1) {
// read and process messages

...

}
// keep trying to establish connection to the server

} while (connected < 0);
// close socket and return success or failure

...

}

However, this will create an infinite loop if the server does not respond. This infinite loop will consume system resources and can be used to create a denial of service attack. To resolve this a counter should be used to limit the number of attempts to establish a connection to the server, as in the following code.

(good)
Example Language:
int processMessagesFromServer(char *hostaddr, int port) {
...
// initialize number of attempts counter

int count = 0;
do {
// establish connection to server
connected = connect(servsock, (struct sockaddr *)&servaddr, sizeof(servaddr));
// increment counter

count++;
// if connected then read and process messages from server

if (connected > -1) {
// read and process messages

...

}
// keep trying to establish connection to the server
// up to a maximum number of attempts

} while (connected < 0 && count < MAX_ATTEMPTS);
// close socket and return success or failure

...

}

Example 2

For this example the method isReorderNeeded as part of a bookstore application that determines if a particular book needs to be reordered based on the current inventory count and the rate at which the book is being sold.

(bad)
Example Language: Java 
public boolean isReorderNeeded(String bookISBN, int rateSold) {

boolean isReorder = false;

int minimumCount = 10;
int days = 0;
// get inventory count for book

int inventoryCount = inventory.getIventoryCount(bookISBN);
// find number of days until inventory count reaches minimum

while (inventoryCount > minimumCount) {

inventoryCount = inventoryCount - rateSold;
days++;

}
// if number of days within reorder timeframe
// set reorder return boolean to true

if (days > 0 && days < 5) {
isReorder = true;

}

return isReorder;

}

However, the while loop will become an infinite loop if the rateSold input parameter has a value of zero since the inventoryCount will never fall below the minimumCount. In this case the input parameter should be validated to ensure that a value of zero does not cause an infinite loop,as in the following code.

(good)
Example Language: Java 
public boolean isReorderNeeded(String bookISBN, int rateSold) {
...
// validate rateSold variable

if (rateSold < 1) {
return isReorder;

}

...

}
+ Observed Examples
ReferenceDescription
Chain: off-by-one error leads to infinite loop using invalid hex-encoded characters.
Chain: self-referential values in recursive definitions lead to infinite loop.
NULL UDP packet is never cleared from a queue, leading to infinite loop.
Floating point conversion routine cycles back and forth between two different values.
Floating point conversion routine cycles back and forth between two different values.
Chain: improperly clearing a pointer in a linked list leads to infinite loop.
+ Memberships
This MemberOf Relationships table shows additional CWE Categories and Views that reference this weakness as a member. This information is often useful in understanding where a weakness fits within the context of external information sources.
NatureTypeIDName
MemberOfViewView884CWE Cross-section
+ References
[REF-62] Mark Dowd, John McDonald and Justin Schuh. "The Art of Software Security Assessment". Chapter 7, "Looping Constructs", Page 327.. 1st Edition. Addison Wesley. 2006.
+ Content History
Submissions
Submission DateSubmitterOrganizationSource
2011-03-22CWE Content TeamMITRE
Modifications
Modification DateModifierOrganizationSource
2011-06-01CWE Content TeamMITRE
updated Common_Consequences, Relationships, Taxonomy_Mappings
2012-05-11CWE Content TeamMITRE
updated Demonstrative_Examples, References, Relationships, Taxonomy_Mappings
2017-11-08CWE Content TeamMITRE
updated Demonstrative_Examples

More information is available — Please select a different filter.
Page Last Updated: November 14, 2017