Page History

When multiple threads can read or modify the same data, use synchronization techniques to avoid software flaws that can lead to security vulnerabilities. Concurrency problems can often result in abnormal termination or denial of service, but it is possible for them to result in more serious vulnerabilities.

...

This compliant solution uses a Microsoft Windows critical section object to make operations involving account_balance atomic . [MSDN].  In Windows parlance, a mutex is used to provide synchronization across process boundaries, and a critical section is restricted to providing synchronization across threads of the same process.

#include <Windows.h>

static int account_balance;
static CRITICAL_SECTION account_lock;
 
/* Must be initialized before used.use */
InitializeCriticalSection(&account_lock);
/* ... */

int debit(int amount) {
  EnterCriticalSection(&account_lock);
  account_balance -= amount;
  LeaveCriticalSection(&account_lock);

  return 0;   /* Indicate success */
}

int credit(int amount) {
  EnterCriticalSection(&account_lock);
  account_balance += amount;
  LeaveCriticalSection(&account_lock);
 
  return 0;   /* Indicate success */
}

...

This compliant solution uses the interlocked family of APIs on Windows to provide atomic access to the account_balance variable . [MSDN].  Note that account_balance uses the volatile LONG type to match the parameter type expected by InterlockedAdd(), and that there is no corresponding interlocked subtraction function, so amount is negated when performing a debit().

...

Automated Detection

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...

...