Description
HttpClient leaves information about requests in a memory dump; for example, POST content is visible in plain text. Object disposal does not help, and the response is not assigned to any long-living global variable. I even tried to call the garbage collector explicitly, but the result is the same.
It is an issue because a memory dump could be collected without admin permission, and theoretically some malicious service could collect sensitive data from request/response content.
Reproduction Steps
- Build a simple app that does HttpRequest. For example, I used a console app, but overall there is no difference:
  ```csharp
  using System.Text;

  namespace HttpClientTestApp
  {
      internal class Program
      {
          static async Task Main(string[] args)
          {
              using (HttpClient client = new HttpClient())
              {
                  var url = "http://ptsv3.com/t/55/post/";
                  // Canary value to search for in the dump afterwards.
                  var content = new StringContent("{\"key\":\"ValueNotExpectedInMemoryDump\"}", Encoding.UTF8, "application/json");
                  await client.PostAsync(url, content);
              }
              // Keep the process alive so a dump can be taken after the client is disposed.
              Console.ReadLine();
          }
      }
  }
  ```
- Launch the app and collect its memory dump. I just went to Windows Task Manager, found my process, right-clicked on it and chose Create memory dump file.
- Open the memory dump file with your preferred text editor and try to search for the content value. In the example code's case: ValueNotExpectedInMemoryDump
Expected behavior
There should be no info about request/response content.
Actual behavior
You can find info about request/response content in plain text.
Regression?
Managed to achieve the same result with .NET 7 and .NET 8. Didn't try older versions.
Operating system used: Windows 10 and Windows 11; I think the build of Windows is not important.
Known Workarounds
No response
Configuration
No response
Other information
No response
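The search in the last reproduction step can be scripted so that it covers both encodings the value may take in the dump; this is an added example, not part of the original report. It assumes the canary can appear as UTF-8 bytes (what `StringContent` builds with `Encoding.UTF8`) or as UTF-16LE (how .NET `string` objects are stored); `scan_stream` and the script name are hypothetical.

```python
"""Scan a process dump for a canary string in the encodings .NET may hold it in."""
import sys

# StringContent(..., Encoding.UTF8, ...) produces UTF-8 bytes, while
# System.String instances are stored as UTF-16LE.
ENCODINGS = ("utf-8", "utf-16-le")


def scan_stream(stream, canary, chunk_size=1 << 20):
    """Return {encoding: [byte offsets]} for every occurrence of canary."""
    if not canary:
        raise ValueError("canary must not be empty")
    needles = {enc: canary.encode(enc) for enc in ENCODINGS}
    # Carry enough bytes between chunks to catch a match that straddles a boundary.
    overlap = max(len(n) for n in needles.values()) - 1
    hits = {enc: [] for enc in ENCODINGS}
    tail = b""
    base = 0  # file offset of the first byte of `tail`
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        buf = tail + chunk
        for enc, needle in needles.items():
            pos = buf.find(needle)
            while pos != -1:
                off = base + pos
                # The overlap region is scanned twice; skip offsets already recorded.
                if not hits[enc] or off > hits[enc][-1]:
                    hits[enc].append(off)
                pos = buf.find(needle, pos + 1)
        keep = min(overlap, len(buf))
        tail = buf[len(buf) - keep:]
        base += len(buf) - keep
    return hits


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: scan_dump.py <dump-file> <canary>")
    with open(sys.argv[1], "rb") as f:
        for enc, offsets in scan_stream(f, sys.argv[2]).items():
            print(f"{enc}: {len(offsets)} hit(s)", [hex(o) for o in offsets[:10]])
```

A UTF-16LE hit is consistent with a `string` object such as the literal itself, while a UTF-8 hit is consistent with an encoded request buffer.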