netcore: teach TdsParserStateObject to clear the buffer after a password has been written to it

edwardneal · edwardneal · commit dcd231eb4157 · 2025-09-05T19:28:31.000+01:00
diff --git a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserStateObject.netcore.cs b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserStateObject.netcore.cs
@@ -215,8 +215,10 @@ private uint GetSniPacket(PacketHandle packet, ref uint dataSize)
             return SniPacketGetData(packet, _inBuff, ref dataSize);
         }
 
-        private void SetBufferSecureStrings()
+        private bool TrySetBufferSecureStrings()
         {
+            bool mustClearBuffer = false;
+
             if (_securePasswords != null)
             {
                 for (int i = 0; i < _securePasswords.Length; i++)
@@ -240,6 +242,8 @@ private void SetBufferSecureStrings()
                             }
                             TdsParserStaticMethods.ObfuscatePassword(data);
                             data.CopyTo(_outBuff, _securePasswordOffsetsInBuffer[i]);
+
+                            mustClearBuffer = true;
                         }
                         finally
                         {
@@ -248,6 +252,8 @@ private void SetBufferSecureStrings()
                     }
                 }
             }
+
+            return mustClearBuffer;
         }
 
         public void ReadAsyncCallback(PacketHandle packet, uint error) =>
@@ -738,9 +744,13 @@ private Task WriteSni(bool canAccumulate)
         {
             // Prepare packet, and write to packet.
             PacketHandle packet = GetResetWritePacket(_outBytesUsed);
+            bool mustClearBuffer = TrySetBufferSecureStrings();
 
-            SetBufferSecureStrings();
             SetPacketData(packet, _outBuff, _outBytesUsed);
+            if (mustClearBuffer)
+            {
+                _outBuff.AsSpan(0, _outBytesUsed).Clear();
+            }
 
             Debug.Assert(Parser.Connection._parserLock.ThreadMayHaveLock(), "Thread is writing without taking the connection lock");
             Task task = SNIWritePacket(packet, out _, canAccumulate, callerHasConnectionLock: true);

Original file line number	Diff line number	Diff line change
`@@ -215,8 +215,10 @@ private uint GetSniPacket(PacketHandle packet, ref uint dataSize)`
`215`	`215`	`return SniPacketGetData(packet, _inBuff, ref dataSize);`
`216`	`216`	`}`
`217`	`217`
`218`		`- private void SetBufferSecureStrings()`
	`218`	`+ private bool TrySetBufferSecureStrings()`
`219`	`219`	`{`
	`220`	`+ bool mustClearBuffer = false;`
	`221`	`+`
`220`	`222`	`if (_securePasswords != null)`
`221`	`223`	`{`
`222`	`224`	`for (int i = 0; i < _securePasswords.Length; i++)`
`@@ -240,6 +242,8 @@ private void SetBufferSecureStrings()`
`240`	`242`	`}`
`241`	`243`	`TdsParserStaticMethods.ObfuscatePassword(data);`
`242`	`244`	`data.CopyTo(_outBuff, _securePasswordOffsetsInBuffer[i]);`
	`245`	`+`
	`246`	`+ mustClearBuffer = true;`
`243`	`247`	`}`
`244`	`248`	`finally`
`245`	`249`	`{`
`@@ -248,6 +252,8 @@ private void SetBufferSecureStrings()`
`248`	`252`	`}`
`249`	`253`	`}`
`250`	`254`	`}`
	`255`	`+`
	`256`	`+ return mustClearBuffer;`
`251`	`257`	`}`
`252`	`258`
`253`	`259`	`public void ReadAsyncCallback(PacketHandle packet, uint error) =>`
`@@ -738,9 +744,13 @@ private Task WriteSni(bool canAccumulate)`
`738`	`744`	`{`
`739`	`745`	`// Prepare packet, and write to packet.`
`740`	`746`	`PacketHandle packet = GetResetWritePacket(_outBytesUsed);`
	`747`	`+ bool mustClearBuffer = TrySetBufferSecureStrings();`
`741`	`748`
`742`		`- SetBufferSecureStrings();`
`743`	`749`	`SetPacketData(packet, _outBuff, _outBytesUsed);`
	`750`	`+ if (mustClearBuffer)`
	`751`	`+ {`
	`752`	`+ _outBuff.AsSpan(0, _outBytesUsed).Clear();`
	`753`	`+ }`
`744`	`754`
`745`	`755`	`Debug.Assert(Parser.Connection._parserLock.ThreadMayHaveLock(), "Thread is writing without taking the connection lock");`
`746`	`756`	`Task task = SNIWritePacket(packet, out _, canAccumulate, callerHasConnectionLock: true);`