Insufficient Locking
Weakness ID: 667 (Weakness Base)
Status: Draft
+ Description

Description Summary

The software does not properly acquire a lock on a resource, leading to unexpected resource state changes and behaviors.
+ Time of Introduction
  • Architecture and Design
  • Implementation
+ Common Consequences
Scope: Availability
Effect: Inconsistent locking discipline can lead to deadlock.

+ Demonstrative Examples

Example 1

In the following Java snippet, methods are defined to get and set a long field in an instance of a class that is shared across multiple threads. Because operations on double and long fields are not atomic in Java, concurrent access may cause unexpected behavior (for example, a reader observing a partially written value). Thus, all operations on long and double fields shared between threads should be synchronized.

(Bad Code)
Example Language: Java

    // Shared across threads; a 64-bit long is not guaranteed to be read or written atomically
    private long someLongValue;

    // Unsynchronized read: no lock is acquired, so a torn value may be observed
    public long getLongValue() {
        return someLongValue;
    }

    // Unsynchronized write: a concurrent reader may see only part of this update
    public void setLongValue(long l) {
        someLongValue = l;
    }
+ Potential Mitigations

Use industry-standard APIs (such as the language's built-in synchronization primitives or its concurrency library) to implement the locking mechanism rather than a custom one.
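The following is an added example, not CWE's own code, that puts the unsynchronized field from Example 1 beside two remediations that use the standard Java APIs the mitigation refers to: the `synchronized` keyword and `java.util.concurrent.atomic.AtomicLong`. The class and method names (`LockingDemo`, `UnlockedCounter`, `hammer`, and so on) are assumptions chosen for this illustration. Besides the torn reads Example 1 describes, it exercises a read-modify-write (`increment`) from several threads, because lost updates are the easiest symptom of insufficient locking to observe on a real machine.

```java
import java.util.concurrent.atomic.AtomicLong;
import java.util.function.Supplier;

// Added example (not part of the CWE entry): three versions of a shared long field.
public class LockingDemo {

    // (a) Insufficient locking, as in Example 1: no lock is ever acquired, so reads may be
    // torn and compound updates (read, add, write back) from concurrent threads lose increments.
    static class UnlockedCounter {
        private long value;
        public long get() { return value; }
        public void set(long v) { value = v; }
        public void increment() { value = value + 1; }   // three separate steps, no lock
    }

    // (b) Every access to the field acquires the same intrinsic lock (the instance monitor).
    // Reads and writes are atomic and visible, and increment is a single critical section.
    static class SynchronizedCounter {
        private long value;
        public synchronized long get() { return value; }
        public synchronized void set(long v) { value = v; }
        public synchronized void increment() { value = value + 1; }
    }

    // (c) Industry-standard concurrency API: AtomicLong performs get/set/increment atomically
    // without the caller having to manage a lock at all.
    static class AtomicCounter {
        private final AtomicLong value = new AtomicLong();
        public long get() { return value.get(); }
        public void set(long v) { value.set(v); }
        public void increment() { value.incrementAndGet(); }
    }

    // Starts `threads` threads that each call `increment` `perThread` times, then returns
    // the final value read through `read`. Correct locking yields threads * perThread.
    static long hammer(Runnable increment, Supplier<Long> read, int threads, int perThread)
            throws InterruptedException {
        Thread[] workers = new Thread[threads];
        for (int i = 0; i < threads; i++) {
            workers[i] = new Thread(() -> {
                for (int j = 0; j < perThread; j++) {
                    increment.run();
                }
            });
            workers[i].start();
        }
        for (Thread t : workers) {
            t.join();
        }
        return read.get();
    }

    public static void main(String[] args) throws InterruptedException {
        final int THREADS = 8;
        final int PER_THREAD = 100_000;
        final long expected = (long) THREADS * PER_THREAD;

        UnlockedCounter u = new UnlockedCounter();
        long unlocked = hammer(u::increment, u::get, THREADS, PER_THREAD);

        SynchronizedCounter s = new SynchronizedCounter();
        long locked = hammer(s::increment, s::get, THREADS, PER_THREAD);

        AtomicCounter a = new AtomicCounter();
        long atomic = hammer(a::increment, a::get, THREADS, PER_THREAD);

        System.out.println("expected      " + expected);
        System.out.println("no locking    " + unlocked
                + (unlocked == expected ? "" : "   <-- lost updates: insufficient locking"));
        System.out.println("synchronized  " + locked);
        System.out.println("AtomicLong    " + atomic);
    }
}
```

On a multi-core machine the unlocked counter typically finishes well short of the expected total, while the synchronized and AtomicLong versions always reach it; a race is not guaranteed to manifest on any single run, so the absence of lost updates in one run is not evidence that the code is correctly locked. Note that declaring the field `volatile long` would cure the torn reads and writes that Example 1 describes but not the lost updates, because `volatile` makes each individual read or write atomic without making the read-modify-write sequence a single critical section.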

+ Relationships
Nature | Type | ID | Name | View(s) this relationship pertains to
ChildOf | Weakness Base | 662 | Insufficient Synchronization | Development Concepts (primary) 699; Research Concepts (primary) 1000
ChildOf | Weakness Class | 664 | Improper Control of a Resource Through its Lifetime | Research Concepts 1000
ChildOf | Category | 748 | CERT C Secure Coding Section 50 - POSIX (POS) | Weaknesses Addressed by the CERT C Secure Coding Standard (primary) 734
ParentOf | Weakness Base | 412 | Unrestricted Externally Accessible Lock | Research Concepts (primary) 1000
ParentOf | Weakness Base | 413 | Insufficient Resource Locking | Research Concepts (primary) 1000
ParentOf | Weakness Base | 414 | Missing Lock Check | Research Concepts (primary) 1000
ParentOf | Weakness Base | 609 | Double-Checked Locking | Research Concepts 1000
ParentOf | Weakness Variant | 764 | Multiple Locks of a Critical Resource | Development Concepts (primary) 699; Research Concepts (primary) 1000
ParentOf | Weakness Variant | 765 | Multiple Unlocks of a Critical Resource | Development Concepts (primary) 699; Research Concepts (primary) 1000
+ Taxonomy Mappings
Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name
CERT C Secure Coding | POS31-C | | Do not unlock or destroy another thread's mutex
+ Related Attack Patterns
(CAPEC Version: 1.4)
CAPEC-ID | Attack Pattern Name
26 | Leveraging Race Conditions
27 | Leveraging Race Conditions via Symbolic Links
+ Content History
Modifications
Modification Date | Modifier | Organization | Source | Change
2008-07-01 | Sean Eidemiller | Cigital | External | added/updated demonstrative examples
2008-07-01 | Eric Dalci | Cigital | External | updated Potential Mitigations, Time of Introduction
2008-09-08 | CWE Content Team | MITRE | Internal | updated Relationships
2008-11-24 | CWE Content Team | MITRE | Internal | updated Relationships, Taxonomy Mappings
2009-03-10 | CWE Content Team | MITRE | Internal | updated Related Attack Patterns
2009-05-27 | CWE Content Team | MITRE | Internal | updated Relationships
2009-07-27 | CWE Content Team | MITRE | Internal | updated Common Consequences