CWE-460: Improper Cleanup on Thrown Exception

Description

The product does not clean up its state or incorrectly cleans up its state when an exception is thrown, leading to unexpected state or control flow.

Extended Description

Often, when functions or loops become complicated, some level of resource cleanup is needed throughout execution. Exceptions can disturb the flow of the code and prevent the necessary cleanup from happening.

ThreatScore

Threat Mapped score: 1.8

Industry: Finiancial

Threat priority: P4 - Informational (Low)

Observed Examples (CVEs)

No observed examples available.

Related Attack Patterns (CAPEC)

N/A

Attack TTPs

N/A

Modes of Introduction

Phase	Note
Implementation	REALIZATION: This weakness is caused during implementation of an architectural security tactic.

Common Consequences

Impact: Varies by Context — Notes: The code could be left in a bad state.

Potential Mitigations

Implementation: If one breaks from a loop or function by throwing an exception, make sure that cleanup happens or that you should exit the program. Use throwing exceptions sparsely. (N/A)

Applicable Platforms

C (N/A, Undetermined)
C++ (N/A, Undetermined)
Java (N/A, Undetermined)
C# (N/A, Undetermined)

Demonstrative Examples

Intro: The following example demonstrates the weakness.

Body: In this case, a thread might be left locked accidentally.

public class foo { public static final void main( String args[] ) { boolean returnValue; returnValue=doStuff(); } public static final boolean doStuff( ) { boolean threadLock; boolean truthvalue=true; try { while( //check some condition ) { threadLock=true; //do some stuff to truthvalue threadLock=false; } } catch (Exception e){ System.err.println("You did something bad"); if (something) return truthvalue; } return truthvalue; } }

Notes

No notes available.

← Back to CWE list