CWE-1341
Alerte pour un CWE
Multiple Releases of Same Resource or Handle
Extended Description
Code typically requires "opening" handles or references to resources such as memory, files, devices, socket connections, services, etc. When the code is finished with using the resource, it is typically expected to "close" or "release" the resource, which indicates to the environment (such as the OS) that the resource can be re-assigned or reused by unrelated processes or actors - or in some cases, within the same process. API functions or other abstractions are often used to perform this release, such as free() or delete() within C/C++, or file-handle close() operations that are used in many languages.
Unfortunately, the implementation or design of such APIs might expect the developer to be responsible for ensuring that such APIs are only called once per release of the resource. If the developer attempts to release the same resource/handle more than once, then the API's expectations are not met, resulting in undefined and/or insecure behavior. This could lead to consequences such as memory corruption, data corruption, execution path corruption, or other consequences.
Note that while the implementation for most (if not all) resource reservation allocations involve a unique identifier/pointer/symbolic reference, then if this identifier is reused, checking the identifier for resource closure may result in a false state of openness and closing of the wrong resource. For this reason, reuse of identifiers is discouraged.
Informations
Modes Of Introduction
ImplementationApplicable Platforms
Language
Name: Java (Undetermined)Name: Rust (Undetermined)
Class: Not Language-Specific (Undetermined)
Name: C (Undetermined)
Name: C++ (Undetermined)
Operating Systems
Class: Not OS-Specific (Undetermined)Architectures
Class: Not Architecture-Specific (Undetermined)Technologies
Class: Not Technology-Specific (Undetermined)Common Consequences
| Scope | Impact | Likelihood |
|---|---|---|
| Availability Integrity | DoS: Crash, Exit, or Restart | Medium |
Observed Examples
| Reference | Description |
|---|---|
| file descriptor double close can cause the wrong file to be associated with a file descriptor. | |
| Chain: Signal handler contains too much functionality (CWE-828), introducing a race condition that leads to a double free (CWE-415). | |
| Double free resultant from certain error conditions. |
Potential Mitigations
Phases : ImplementationChange the code's logic so that the resource is only closed once. This might require simplifying or refactoring. This fix can be simple to do in small code blocks, but more difficult when multiple closes are buried within complex conditionals.
Phases : Implementation
It can be effective to implement a flag that is (1) set when the resource is opened, (2) cleared when it is closed, and (3) checked before closing. This approach can be useful when there are disparate cases in which closes must be performed. However, flag-tracking can increase code complexity and requires diligent compliance by the programmer.
Phases : Implementation
When closing a resource, set the resource's associated variable to NULL or equivalent value for the given language. Some APIs will ignore this null value without causing errors. For other APIs, this can lead to application crashes or exceptions, which may still be preferable to corrupting an unintended resource such as memory or data.
Detection Methods
Automated Static Analysis
For commonly-used APIs and resource types, automated tools often have signatures that can spot this issue.Automated Dynamic Analysis
Some compiler instrumentation tools such as AddressSanitizer (ASan) can indirectly detect some instances of this weakness.Vulnerability Mapping Notes
Rationale : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.Comments : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
Notes
The terms related to "release" may vary depending on the type of resource, programming language, specification, or framework. "Close" has been used synonymously for the release of resources like file descriptors and file handles. "Return" is sometimes used instead of Release. "Free" is typically used when releasing memory or buffers back into the system for reuse.References
REF-1198
close - Perldoc Browserhttps://perldoc.perl.org/functions/close
REF-1199
io - Core tools for working with streams — Python 3.9.7 documentationhttps://docs.python.org/3.9/library/io.html#io.IOBase.close
REF-1200
FileOutputStream (Java Platform SE 7 )https://docs.oracle.com/javase/7/docs/api/java/io/FileOutputStream.html
REF-1201
FileOutputStream (Java SE 11 & JDK 11 )https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/io/FileOutputStream.html
Submission
| Name | Organization | Date | Date Release | Version |
|---|---|---|---|---|
| CWE Content Team | MITRE | 4.6 |
Modifications
| Name | Organization | Date | Comment |
|---|---|---|---|
| CWE Content Team | MITRE | updated Demonstrative_Examples, Description, Potential_Mitigations | |
| CWE Content Team | MITRE | updated References | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Mapping_Notes |
