
CWE-479 (Signal Handler Use of a Non-reentrant Function) — Vulnerability Class 1

1 vulnerability classified as CWE-479 (Signal Handler Use of a Non-reentrant Function). Chinese AI-generated analysis included.

CWE-479 is a concurrency weakness in which a signal handler calls a function that is not async-signal-safe (in practice, a function that keeps static state, takes a lock or touches the heap allocator). A signal can be delivered at any instruction, including while the interrupted code is inside that very function, halfway through updating its static buffers or the malloc() metadata. When the handler re-enters the function, the second call operates on the partially updated state of the first; typical results are corrupted allocator metadata, inconsistent stdio or syslog() buffers, or a deadlock when the handler blocks on a non-recursive lock the interrupted code already holds. An attacker who can send signals to the process, and can time them against the interrupted work, may turn this into denial of service or, where the corruption yields a write-what-where primitive, code execution. Thread safety is not enough: a thread-safe function that serialises on a mutex will deadlock rather than corrupt memory when re-entered from a handler in the same thread. The standard mitigation is to restrict the handler to the functions POSIX lists as async-signal-safe (for example write(), _exit(), sigaction()) and to do nothing in it but record that the signal arrived, in a volatile sig_atomic_t flag or by writing one byte to a self-pipe, so that the main loop can perform the logging, allocation and cleanup in normal context where these calls are safe.

MITRE CWE Description
The product defines a signal handler that calls a non-reentrant function. Non-reentrant functions are functions that cannot safely be called, interrupted, and then recalled before the first call has finished without resulting in memory corruption. This can lead to an unexpected system state and unpredictable results with a variety of potential consequences depending on context, including denial of service and code execution. Many functions are not reentrant, but some of them can result in the corruption of memory if they are used in a signal handler. The function call syslog() is an example of this. In order to perform its functionality, it allocates a small amount of memory as "scratch space." If syslog() is suspended by a signal call and the signal handler calls syslog(), the memory used by both of these functions enters an undefined, and possibly, exploitable state. Implementations of malloc() and free() manage metadata in global structures in order to track which memory is allocated versus which memory is available, but they are non-reentrant. Simultaneous calls to these functions can cause corruption of the metadata.
Common Consequences (2)
Scope: Integrity, Confidentiality, Availability. Impact: Execute Unauthorized Code or Commands. It may be possible to execute arbitrary code through the use of a write-what-where condition.
Scope: Integrity. Impact: Modify Memory, Modify Application Data. Signal race conditions often result in data corruption.
Mitigations (4)
Phase: Requirements. Require languages or libraries that provide reentrant functionality, or otherwise make it easier to avoid this weakness.
Phase: Architecture and Design. Design signal handlers to only set flags rather than perform complex functionality.
Phase: Implementation. Ensure that non-reentrant functions are not found in signal handlers.
Phase: Implementation. Use sanity checks to reduce the timing window for exploitation of race conditions. This is only a partial solution, since many attacks might fail, but other attacks still might work within the narrower window, even accidentally. Effectiveness: Defense in Depth.
Examples (1)
In this example, a signal handler uses syslog() to log a message (the headers have been added so the snippet compiles; the "..." in main() is elided in the original):

    #include <signal.h>
    #include <stdlib.h>
    #include <syslog.h>
    #include <unistd.h>

    char *message;

    /* Signal handler: syslog() is not async-signal-safe, so a second
     * signal arriving while the first call is inside syslog() re-enters
     * it on half-updated internal state (CWE-479). sleep(10) widens the
     * window in which that second signal can land. */
    void sh(int dummy)
    {
        (void)dummy;
        syslog(LOG_NOTICE, "%s\n", message);
        sleep(10);
        exit(0);
    }

    int main(int argc, char *argv[])
    {
        ...
        signal(SIGHUP, sh);
        signal(SIGTERM, sh);
        sleep(10);
        exit(0);
    }

If the execution of the first call to the signal handler is suspended after invoking syslog(), and the signal handler is called a second time, the memory allocated by syslog() enters an undefined, and possibly, exploitable state.
Bad · C
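The hardened counterpart of the snippet above, written for this page as an added example (it is not MITRE's code and not taken from any of the listed CVEs). It applies the "set a flag only" mitigation: the handler records the signal number in a volatile sig_atomic_t and returns, and the main loop calls syslog() afterwards from normal context. Handler installation uses sigaction() rather than signal() so the disposition does not reset between signals. The function names install_handlers and drain_pending_signal and the self-sent SIGHUP in main() are constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>

/* The only state the handler touches. volatile sig_atomic_t is the one
 * type C guarantees can be read and written as a unit from a handler. */
static volatile sig_atomic_t pending_signal = 0;

/* Handler: record the signal number and return. No syslog(), no malloc(),
 * no stdio, no exit(). The single call made here, write(2), is on the
 * POSIX async-signal-safe list, so it is safe even if the interrupted
 * code was itself inside write(). */
static void on_signal(int signo)
{
    static const char note[] = "signal received, deferring to main loop\n";
    ssize_t r = write(STDERR_FILENO, note, sizeof note - 1);
    (void)r;                 /* nothing sensible to do with an error here */
    pending_signal = signo;
}

/* Install on_signal for SIGHUP and SIGTERM. Returns 0 on success, -1 on error.
 * (Names and signal set are this example's choice, mirroring the bad snippet.) */
int install_handlers(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_signal;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_RESTART;    /* let interrupted blocking calls resume */
    if (sigaction(SIGHUP, &sa, NULL) == -1)
        return -1;
    if (sigaction(SIGTERM, &sa, NULL) == -1)
        return -1;
    return 0;
}

/* Called from normal (non-handler) context, where syslog() and the rest
 * of libc may be used freely. Returns the signal number that was handled,
 * or 0 if none was pending. A signal arriving between the read and the
 * reset below is coalesced with the one being drained; use a self-pipe
 * if every delivery must be counted. */
int drain_pending_signal(const char *message)
{
    int signo = pending_signal;
    if (signo == 0)
        return 0;
    pending_signal = 0;
    syslog(LOG_NOTICE, "caught signal %d: %s", signo, message);
    return signo;
}

int main(void)
{
    /* Constructed demo: install the handlers, send ourselves SIGHUP, then
     * do the logging from the main loop rather than from the handler. */
    if (install_handlers() == -1) {
        perror("sigaction");
        return 1;
    }
    openlog("cwe479-demo", LOG_PID, LOG_USER);
    raise(SIGHUP);               /* handler runs before raise() returns */
    int handled = drain_pending_signal("shutting down cleanly");
    printf("main loop handled signal %d\n", handled);
    closelog();
    return handled == SIGHUP ? 0 : 1;
}
```

The important review check is the body of on_signal(): every call in it must appear in the async-signal-safe list of signal-safety(7) / POSIX, and anything else (logging, freeing, closing files, exit()) must move to drain_pending_signal() or its caller. The flag approach loses coalesced deliveries; a self-pipe (write one byte from the handler, poll the read end in the main loop) both preserves the count and lets the main loop block in select()/poll() instead of spinning on the flag.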
CVE ID | Title | CVSS | Severity | Published
CVE-2021-26948 | HTMLDOC code issue vulnerability (htmldoc) | 7.8 | - | 2022-03-03

Vulnerabilities classified as CWE-479 (Signal Handler Use of a Non-reentrant Function) represent 1 CVE. The CWE taxonomy describes the weakness; review the individual CVE for product-specific impact.