Changing Contents of a String with PtrToStringChars


cppdev

What should happen if String contents are changed like below?
The contents do change and nothing crashed or anything.

String* str = S"hello";
Char __pin* ps = const_cast<Char*>(PtrToStringChars(str));
while(ps && *ps != 0)
    (*ps++)='0';
Console::WriteLine(str);
 
> What should happen if String contents are changed like below?
> The contents do change and nothing crashed or anything.

You could end up changing strings you don't expect. Just try

String* str = S"hello";
String* str2 = str;
Char __pin* ps = const_cast<Char*>(PtrToStringChars(str));
while(ps && *ps != 0)
    (*ps++)='0';
Console::WriteLine(str);
Console::WriteLine(str2);

The CLR's string interning feature makes this even worse - you could
change strings in parts of the program you don't control.



Mattias
 
Thanx Mattias!

I didn't think of interning :)

But let's take this to another plane:

String* password = Console::ReadLine();
if(String::IsInterned(password) == NULL)
{
    Char __pin* ps = const_cast<Char*>(PtrToStringChars(password));
    while(ps && *ps != 0)
        (*ps++)='0';
}
Console::WriteLine(password);

Basically I want to clear the password.

To anyone: so if the String was not interned, it seems to be OK
to change its contents although it's "immutable"?
 
> But let's take this to another plane:
>
> String* password = Console::ReadLine();
> if(String::IsInterned(password) == NULL)
> {
>     Char __pin* ps = const_cast<Char*>(PtrToStringChars(password));
>     while(ps && *ps != 0)
>         (*ps++)='0';
> }
> Console::WriteLine(password);
>
> Basically I want to clear the password.

Can't you retrieve the password into a Byte[] or Char[] instead? That
would let you clear the content easily.

> To anyone: so if the String was not interned, it seems to be OK
> to change its contents although it's "immutable"?

I would never say it's OK to do so.



Mattias
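
The Char[]/Byte[] approach suggested in the reply above, as an added example that is not part of the thread. It is written in C# rather than the thread's Managed C++ syntax and assumes .NET 6 or later for Rfc2898DeriveBytes.Pbkdf2, which accepts the password as a byte array; the class name, buffer size, iteration count and salt handling are choices made for this example.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
using System.Text;

static class PasswordWipeDemo   // hypothetical name, example code only
{
    // Reads up to buf.Length chars without echo; extra input is dropped (demo policy).
    static int ReadPassword(char[] buf)
    {
        int n = 0;
        while (true)
        {
            ConsoleKeyInfo k = Console.ReadKey(true); // true = do not echo
            if (k.Key == ConsoleKey.Enter) return n;
            if (k.Key == ConsoleKey.Backspace) { if (n > 0) buf[--n] = '\0'; continue; }
            if (k.KeyChar != '\0' && n < buf.Length) buf[n++] = k.KeyChar;
        }
    }

    static void Main()
    {
        char[] chars = new char[128];
        // Pin before any secret is written, so a compacting GC cannot move
        // the array and leave an unreachable copy behind.
        GCHandle hChars = GCHandle.Alloc(chars, GCHandleType.Pinned);
        byte[] bytes = null;
        GCHandle hBytes = default(GCHandle);
        try
        {
            int n = ReadPassword(chars);
            bytes = new byte[Encoding.UTF8.GetByteCount(chars, 0, n)];
            hBytes = GCHandle.Alloc(bytes, GCHandleType.Pinned); // pinned before it holds the secret
            Encoding.UTF8.GetBytes(chars, 0, n, bytes, 0);
            byte[] salt = new byte[16];       // demo: a real salt is stored with the user record
            RandomNumberGenerator.Fill(salt);
            byte[] key = Rfc2898DeriveBytes.Pbkdf2(bytes, salt, 100000, HashAlgorithmName.SHA256, 32);
            Console.WriteLine("derived {0} key bytes", key.Length);
            Array.Clear(key, 0, key.Length);  // the derived key is secret material too
        }
        finally
        {
            Array.Clear(chars, 0, chars.Length);
            hChars.Free();
            if (bytes != null) Array.Clear(bytes, 0, bytes.Length);
            if (hBytes.IsAllocated) hBytes.Free();
        }
    }
}
```

No String holding the password is ever created, so nothing depends on interning or on writing through an immutable object. The wipe covers only these two arrays, not copies held outside them.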
 
Yes I can. But TextControl can't. :)
Even if I use GetWindowText myself, I derive the key
using PasswordDeriveBytes which takes only string!
And there are other cases also.

 
A (more?) serious problem is that there's probably no guarantee that there
aren't other, unreachable copies of the password text in the GC heap.
Unless you can clear all of them, you're probably only gaining a false sense
of security.

-cd
 
Hi,

I am reviewing this post. Please feel free to let me know if you have any
problems or concerns.

Have a nice day!

Regards,

HuangTM
Microsoft Online Partner Support
MCSE/MCSD

Get Secure! - www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
 
Hi!

I think it would be nice if String class provided a Clear method.
My concern is with the .net strings that they can remain
indefinitely in memory.
 
Hi,

Thanks for your response. As you know, .NET Framework introduces Garbage
Collection to manage the memory, that is, the String memory is also
controlled by GC. Although we are able to force GC with explicit System.gc
calls, overuse can severely affect performance. I strongly recommend
the following articles on GC:

Garbage Collection: Automatic Memory Management in the Microsoft .NET
Framework
http://msdn.microsoft.com/msdnmag/issues/1100/GCI/default.aspx

Garbage Collection - Part 2: Automatic Memory Management in the Microsoft
.NET Framework
http://msdn.microsoft.com/msdnmag/issues/1200/GCI2/default.aspx

I look forward to your feedback.

Have a nice day!

Regards,

HuangTM
Microsoft Online Partner Support
MCSE/MCSD

 
Hi,

Thanks a lot for your feedback. Now that I understand your concerns, I will
report it to our Development Team and I believe they will take it into
consideration for the future version of .NET Framework.

Have a nice day!

Regards,

HuangTM
Microsoft Online Partner Support
MCSE/MCSD

 