CWE-1265

Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls

AI Translation Available

The product invokes code that is believed to be reentrant, but the code performs a call that unintentionally produces a nested invocation of the non-reentrant code.

Status

draft

Abstraction

base

Affected Platforms

Extended Description

AI Translation

In a complex product, a single function call may lead to many different possible code paths, some of which may involve deeply nested calls. It may be difficult to foresee all possible code paths that could emanate from a given function call, even if that call is assumed to be reentrant. In some systems, an external actor can manipulate inputs to the system and thereby achieve a wide range of possible control flows. This is frequently a concern in products that execute scripts from untrusted sources. Examples of such products are web browsers and PDF readers. A weakness is present when one of the possible code paths resulting from a function call alters program state that the original caller assumes to be unchanged during the call.

Technical Details

AI Translation

Common Consequences

integrity

Impacts

unexpected state

Potential Mitigations

Phases:

architecture and design implementation

Descriptions:

• Make sure the code (e.g., function or class) in question is reentrant by not leveraging non-local data, not modifying its own code, and not calling other non-reentrant code.

• When architecting a system that will execute untrusted code in response to events, consider executing the untrusted event handlers asynchronously (asynchronous message passing) as opposed to executing them synchronously at the time each event fires. The untrusted code should execute at the start of the next iteration of the thread's message loop. In this way, calls into non-reentrant code are strictly serialized, so that each operation completes fully before the next operation begins. Special attention must be paid to all places where type coercion may result in script execution. Performing all needed coercions at the very beginning of an operation can help reduce the chance of operations executing at unexpected junctures.

AI Generated Translation

Common Consequences

integrità

Impacts

stato inaspettato

Potential Mitigations

Phases:

architettura e design implementazione

Descriptions:

• Assicurati che il codice (ad esempio, funzione o classe) in questione sia ri-entrante evitando di utilizzare dati non locali, di modificare il proprio codice o di chiamare altro codice non ri-entrante.

• Quando si progetta un sistema che eseguirà codice non affidabile in risposta a eventi, si consiglia di eseguire gli handler di evento non affidabili in modo asincrono (messaggistica asincrona) anziché eseguirli in modo sincrono al momento in cui si verifica ogni evento. Il codice non affidabile dovrebbe essere eseguito all'inizio della successiva iterazione del ciclo di messaggi del thread. In questo modo, le chiamate a codice non reentrante sono strettamente serializzate, affinché ogni operazione si completi completamente prima che inizi la successiva. Particolare attenzione va dedicata a tutti i punti in cui la coercizione di tipo può portare all'esecuzione di script. Eseguire tutte le coercizioni necessarie all'inizio di un'operazione può contribuire a ridurre la probabilità che operazioni vengano eseguite in momenti inattesi.

CWE-1265

Common Consequences

Impacts

Potential Mitigations

Common Consequences

Impacts

Potential Mitigations

Iscriviti alla newsletter