0

Are C# variables (including arrays) cleared upon function return? If I save sensitive data such as passwords in a function and don't clear it after I use it, would an attacker be able to view the data if he has access to a memory dump at that point in time, and knowledge of the specific memory address?

user1118764
  • 9,255
  • 18
  • 61
  • 113
  • Yes they survive until the garbage collector cleans them up – TheGeneral Mar 08 '18 at 06:30
  • seems duplicate - https://stackoverflow.com/questions/10422989/what-happens-to-object-after-local-scope – AsfK Mar 08 '18 at 06:31
  • if yes the local variable which stored the password, as soon as you are returned from method, this variable will be marked as weak reference, so in next cycle by garbage collector it will be removed from memory, but in between if someone can access memory dump, it might be accessible to them – Deepak Sharma Mar 08 '18 at 06:32
  • Yes, there is an automatic garbage collector provided with .NET Framework. It clears the unused memory automatically. But you can't be sure when GC clears a particular object. So if you want to be dead sure then you should call GC manually. Refer to this question: [How to force garbage collector to run?](https://stackoverflow.com/questions/4257372/how-to-force-garbage-collector-to-run). – Mushif Ali Nawaz Mar 08 '18 at 06:33
  • 7
    Consider using [SecureString](https://learn.microsoft.com/en-au/dotnet/api/system.security.securestring?view=netframework-4.7.1) for sensitive data if possible. – Ilian Mar 08 '18 at 06:37
  • @MushifAliNawaz This does not guarantee that a particular object gets cleared and in general it’s a bad design to directly interact with the garbage collection. If you want to remove sensitive data you need to scrub the data yourself, i.e. by overwriting it with 0s or store your data in protected/encrypted form in the first place like using SecureString. – ckuri Mar 08 '18 at 07:10
  • Also bear in mind that collectable objects may have already been moved in the heap by previous collections so there may be multiple copies of your data sitting in the heap that wouldn't be cleared even if you write code to explicitly clear the *current* location of the object. – Damien_The_Unbeliever Mar 08 '18 at 07:54
  • 1
    If your threat model is "someone might take a memory dump", you've probably already lost. Why would they wait until your function returns to take the dump? – Damien_The_Unbeliever Mar 08 '18 at 07:54
  • @Damien_The_Unbeliever And I thought all the GC does is free the memory, not overwrite it immediatly. Is that correct? So if I am right, then even after GC the memory would be _available_ but not necessarily "cleared" in the sense that its contents is cleared out. Am I correct? – Fildor Mar 08 '18 at 08:11
  • @Fildor - correct. There's no clearing function. – Damien_The_Unbeliever Mar 08 '18 at 08:15

1 Answers1

-1

In C#, data is not cleared immediately after function return.
Since that language has lazy garbage collection, objects (and arrays are objects) are not destroyed immediately. Instead, they stay until Common Language Runtime decides to release that memory.
That is not the case for structs and value types, however. They are stored on stack and cleared upon function return. For protecting your data, consider using IDisposable interface and manually setting all array members to their default value.

Кирилл Глазырин
  • 335
  • 4
  • 11
  • What is "clear" exactly in this context? I assume it is just "the memory is available", not "the memory is overwritten" – Hans Kesting Mar 08 '18 at 07:23
  • Even if you implement `IDisposable`, you're only clearing data wherever it *currently* resides. Unless you pinned your buffer throughout its lifetime, it may have resided in multiple memory locations due to other GCs occurring and the other locations may not have been overwritten. – Damien_The_Unbeliever Mar 08 '18 at 07:57