...
```c
#include <stdlib.h>

/* rand() is called with no synchronization between threads */
int get_secret(void) {
  int secret = (rand() % 100) + 100;
  return secret;
}
```
Compliant Solution
This compliant solution uses a mutex to make each call to the rand() function atomic.
```c
#include <stdlib.h>
#include <threads.h>

mtx_t rand_lock;

int get_secret(void) {
  int secret;
  mtx_lock(&rand_lock);
  secret = (rand() % 100) + 100;
  mtx_unlock(&rand_lock);
  return secret;
}

void init(void) {
  /* initialize a simple non-recursive mutex */
  if (mtx_init(&rand_lock, mtx_plain) == thrd_error) {
    abort();
  }
  /* other initialization code */
}
```
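As an added example (not part of the original rule text), the harness below exercises the mutex-protected get_secret() from several threads. It swaps the explicit init() call for call_once, so the mutex is initialized before first use whatever the thread start order, and it checks the return values of the lock calls. The names rand_lock_init, worker, run_workers and MAX_THREADS are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <threads.h>
#define MAX_THREADS 16 /* assumed upper bound for this example */

static mtx_t rand_lock;
static once_flag rand_lock_once = ONCE_FLAG_INIT;

/* Runs exactly once, whichever thread reaches get_secret() first. */
static void rand_lock_init(void) {
  if (mtx_init(&rand_lock, mtx_plain) != thrd_success) abort();
}

int get_secret(void) {
  int secret;
  call_once(&rand_lock_once, rand_lock_init);
  /* Fail closed: never call rand() without holding the lock. */
  if (mtx_lock(&rand_lock) != thrd_success) abort();
  secret = (rand() % 100) + 100;
  if (mtx_unlock(&rand_lock) != thrd_success) abort();
  return secret;
}

/* Draws *(int *)arg values; returns how many fell in [100, 199]. */
static int worker(void *arg) {
  int draws = *(int *)arg, in_range = 0;
  for (int i = 0; i < draws; i++) {
    int s = get_secret();
    if (s >= 100 && s <= 199) in_range++;
  }
  return in_range;
}

/* Starts nthreads workers and sums their in-range counts (-1: bad argument). */
int run_workers(int nthreads, int draws) {
  thrd_t t[MAX_THREADS];
  int total = 0, res;
  if (nthreads < 1 || nthreads > MAX_THREADS) return -1;
  for (int i = 0; i < nthreads; i++)
    if (thrd_create(&t[i], worker, &draws) != thrd_success) abort();
  for (int i = 0; i < nthreads; i++) {
    if (thrd_join(t[i], &res) != thrd_success) abort();
    total += res;
  }
  return total;
}

int main(void) {
  printf("in-range draws: %d\n", run_workers(4, 1000));
  return 0;
}
```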
Risk Assessment
Race conditions caused by multiple threads invoking the same library function can lead to abnormal termination of the application, data integrity violations, or a denial-of-service attack.
...