When multiple threads can read or modify the same data, use mutual exclusion primitives to avoid software flaws that could lead to security vulnerabilities. Concurrency problems can often result in abnormal termination or denial of service, but it is possible for them to result in more serious vulnerabilities.
Non-Compliant Code Example
int account_balance;
void debit(int amount)
{
account_balance \-= amount;
}
void credit(int amount)
{
account_balance \+= amount;
}
Compliant Solution
int account_balance;
mutex_t account_lock;
void debit(int amount)
{
mutex_lock(&account_lock);
account_balance \-= amount;
mutex_unlock(&account_lock);
}
void credit(int amount)
{
mutex_lock(&account_lock);
account_balance \+= amount;
mutex_unlock(&account_lock);
}
Risk Assessment
Rule |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
|---|---|---|---|---|---|
MSC06-A |
1 (low) |
1 (unlikely) |
1 (high) |
P1 |
L3 |
References
[[Seacord 05]] Chapter 7, "File I/O"