This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Race condition in switch"

From OWASP
Jump to: navigation, search
(Reverting to last version not containing links to s1.shard.jp)
 
(2 intermediate revisions by 2 users not shown)
Line 1: Line 1:
[http://s1.shard.jp/galeach/new162.html asian american artists ] [http://s1.shard.jp/losaul/limousine-hire.html online toy shop australia ] [http://s1.shard.jp/galeach/new149.html camtasia 2.1.1 serial ] [http://s1.shard.jp/frhorton/xy928lwhl.html timeline on african americans music ] [http://s1.shard.jp/olharder/autoroll-654.html url] [http://s1.shard.jp/losaul/australian-residency.html coin op australia ] [http://s1.shard.jp/olharder/autoroll-654.html link] [http://s1.shard.jp/galeach/new4.html asian filipina lady pal pen ] [http://s1.shard.jp/olharder/autoroll-654.html top] [http://s1.shard.jp/olharder/chery-automobile.html semi auto sten gun ] [http://s1.shard.jp/frhorton/qwl7aihru.html ostrich farms in south africa ] [http://s1.shard.jp/bireba/norotn-antivirus.html virus and antivirus ] [http://s1.shard.jp/olharder/auto-buy-com.html grand theft auto vice city money cheat ] [http://s1.shard.jp/bireba/avg-60-antivirus.html avg 6.0 antivirus serial number] [http://s1.shard.jp/bireba/computer-associates.html norten antivirus download ] [http://s1.shard.jp/olharder/autoroll-654.html top] [http://s1.shard.jp/frhorton/iyc9ldho5.html recent inventions by african americans ] [http://s1.shard.jp/frhorton/yvqavqw7n.html timeshare south africa ] [http://s1.shard.jp/bireba/ravantivirus.html ravantivirus update] [http://s1.shard.jp/olharder/autoroll-654.html http] [http://s1.shard.jp/frhorton/kvvijfhfe.html african lioness ] [http://s1.shard.jp/galeach/new7.html best asian massage ] [http://s1.shard.jp/frhorton/c1k98s3rt.html electrical suppliers south africa ] [http://s1.shard.jp/bireba/avg-vs-avast.html how to completely remove norton antivirus 2004 ] [http://s1.shard.jp/olharder/autoroll-654.html index] [http://s1.shard.jp/losaul/compare-flights.html vodafone prepaid deals australia ] [http://s1.shard.jp/losaul/mazda-australia.html smiths beach western australia ] [http://s1.shard.jp/frhorton/4bgszojmg.html robert kennedy speech south africa ] [http://s1.shard.jp/galeach/new153.html asian geek.com previews.isa ] [http://s1.shard.jp/galeach/new1.html asia in tallest woman ] [http://s1.shard.jp/galeach/new102.html budget vacations asia ] [http://s1.shard.jp/olharder/vancouver-auto.html autoridad de definicion ] [http://s1.shard.jp/olharder/autoroll-654.html domain] [http://s1.shard.jp/frhorton/tiwomyd3z.html african american for girl hair style little ] [http://s1.shard.jp/bireba/downloads-antivirus.html openantivirus ] [http://s1.shard.jp/galeach/new178.html asian gift collectible ] [http://s1.shard.jp/losaul/job-agencies-sydney.html job agencies sydney australia] [http://s1.shard.jp/olharder/autoroll-654.html link] [http://s1.shard.jp/bireba/stinger-antivirus.html update for avg antivirus ] [http://s1.shard.jp/olharder/canadian-auto.html automated imaging association ] [http://s1.shard.jp/frhorton/nypq37a4u.html african american ghana immigration] [http://s1.shard.jp/bireba/norton-antivirus.html antivirus linux freeware ] [http://s1.shard.jp/olharder/auto-automotriz.html automatic skeet throwers ] [http://s1.shard.jp/galeach/new6.html asian newcomer ] [http://s1.shard.jp/losaul/australian-landrover.html australias holidays ] [http://s1.shard.jp/olharder/aa-auto-route-planner.html manatoba auto racing ] [http://s1.shard.jp/galeach/new177.html sex club asian girl ] [http://s1.shard.jp/bireba/antivirus-free-download.html etrust ez antivirus review ] 
 
 
{{template:CandidateForDeletion}}
 
{{template:CandidateForDeletion}}
  

Latest revision as of 12:50, 3 June 2009

Template:CandidateForDeletion 

#REDIRECT Race Conditions



Last revision (mm/dd/yy): 06/3/2009


Description

If the variable which is switched on is changed while the switch statement is still in progress, undefined activity may occur.

Consequences

  • Undefined: This flaw will result in the system state going out of sync.

Exposure period

  • Implementation: Variable locking is the purview of implementers.

Platform

  • Languages: All that allow for multi-threaded activity
  • Operating platforms: All

Required resources

Any

Severity

Medium

Likelihood of exploit

Medium

This issue is particularly important in the case of switch statements that involve fall-through style case statements - i.e., those which do not end with break.

If the variable which we are switching on change in the course of execution, the actions carried out may place the state of the process in a contradictory state or even result in memory corruption.

For this reason, it is important to ensure that all variables involved in switch statements are locked before the statement starts and are unlocked when the statement ends.


Risk Factors

TBD

Examples

In C/C++: 

#include <sys/types.h>
#include <sys/stat.h>

int main(argc,argv){
        struct stat *sb;
        time_t timer;

        lstat("bar.sh",sb);

        printf("%d\n",sb->st_ctime);
        switch(sb->st_ctime % 2){
                case 0: printf("One option\n");break;
                case 1: printf("another option\n");break;
                default: printf("huh\n");break;
        }

        return 0;
}


Related Attacks


Related Vulnerabilities

Related Controls

  • Implementation: Variables that may be subject to race conditions should be locked for the duration of any switch statements.


Related Technical Impacts


References

TBD

Retrieved from "https://wiki.owasp.org/index.php?title=Race_condition_in_switch&oldid=63503"