#2: "Don't use this on pathological input; it may not be secure"

libbz2 bindings for Haskell

#2"Don't use this on pathological input; it may not be secure"

The documentation is not crystal clear on the source of the insecurity of the Codec.Compression.BZip.decompress function. Is it because the underlying C library is insecure in its treatment of pathological input or is it because the bz2 package uses the C library wrongly? Or, is it because of theoretical concerns like the use of unsafeIOToST? Or, is the documentation just trying to express a warning about undiscovered vulns in the underlying C library?

More importantly, as a user I can't tell whether I should be more concerned about getting pwned when using this library than when using the underlying C library directly or the bunzip2 command.

Can this part of the documentation be made clearer? At face value, it sounds like a warning to just not use the decompress function at all because typically users can't tell whether the input is pathological.

jchia Thu May 7 15:43:57 UTC 2020
- description updated
jchia Thu May 7 15:44:35 UTC 2020
- description updated
jchia Thu May 7 15:46:38 UTC 2020
- description updated
jchia Thu May 7 15:48:05 UTC 2020
- description updated
jchia Thu May 7 15:52:16 UTC 2020
- description updated
Vanessa McHalde Thu May 7 16:22:30 UTC 2020
Hi,

Have a look at section 3.2 of the manual: https://sourceware.org/bzip2/manual/manual.html#err-handling

It's designed to work with random corrupt data, but the author says he is not "100% sure" - it's from the underlying bzip2 library

Cheers!

hub.darcs.net :: vmchale -> bz2 -> issue

#2"Don't use this on pathological input; it may not be secure"