[Haskell-cafe] base64-bytestring memory corruption bug

Emily Pillmore emilypi at cohomolo.gy
Fri Aug 13 00:24:20 UTC 2021


Happy to announce https://hackage.haskell.org/package/base64-bytestring-1.2.1.0 , with the fix.

Thanks again for raising this. For future versions, I'd like to put out an open invitation to the community to help harden the existing baseN libraries. Feel free to get in touch with me on their respective issue trackers.

Cheers,

Emily

On Tue, Aug 03, 2021 at 2:44 PM, Hécate < hecate at glitchbra.in > wrote:

> 
> 
> 
> Wonderful, happy to know it's been resolved!
> 
> 
> 
> On 03/08/2021 at 05:40, Fraser Tweedale wrote:
> 
> 
>> 
>> 
>> A new proposed fix is being discussed in
>> https://github.com/haskell/base64-bytestring/pull/46.
>> 
>> 
>> 
>> Expect a fix merged and new release sometime in the next few days.
>> 
>> 
>> 
>> Big thanks to all involved in pinpointing and resolving this issue.
>> 
>> 
>> 
>> Cheers,
>> Fraser
>> 
>> 
>> 
>> On Mon, Aug 02, 2021 at 11:52:52PM +0200, Hécate wrote:
>> 
>> 
>>> 
>>> 
>>> Hi Fraser, do you have further information about this situation?
>>> 
>>> 
>>> 
>>> On 25/07/2021 at 07:50, Fraser Tweedale wrote:
>>> 
>>> 
>>>> 
>>>> 
>>>> Hello,
>>>> 
>>>> 
>>>> 
>>>> I want to bring to wider attention a memory bug present in
>>>> base64-bytestring[1]. In summary, in some cases too few bytes are
>>>> allocated for the output when performing base64url decoding. This can lead
>>>> to memory corruption (which I have observed[2]), and possibly crashes
>>>> (which I have not observed).
>>>> 
>>>> 
>>>> 
>>>> I submitted a pull request[2] that fixes the issue some days ago, but did
>>>> not receive a response from the maintainers yet. I understand that
>>>> maintainers may be busy or unavailable, and that is fine. So I am posting
>>>> here mainly to ensure that USERS are aware of the issue.
>>>> 
>>>> 
>>>> 
>>>> To maintainers: let me know if I can provide further assistance to
>>>> resolve this issue and release a fix.
>>>> 
>>>> 
>>>> 
>>>> [1] https://github.com/haskell/base64-bytestring/issues/44
>>>> [2] https://github.com/frasertweedale/hs-jose/issues/102
>>>> [3] https://github.com/haskell/base64-bytestring/pull/45
>>>> 
>>>> 
>>>> 
>>>> Thanks,
>>>> Fraser
>>>> _______________________________________________
>>>> Haskell-Cafe mailing list
>>>> To (un)subscribe, modify options or view archives go to:
>>>> http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe
>>>> Only members subscribed via the mailman list are allowed to post.
>>>> 
>>>> 
>>> 
>>> 
>>> 
>>> --
>>> Hécate ✨
>>> 🐦: @TechnoEmpress
>>> IRC: Hecate
>>> WWW: https://glitchbra.in/
>>> RUN: BSD
>>> 
>>> 
>>> 
>>> 
>>> 
>> 
>> 
> 
> 
> 
> --
> Hécate ✨
> 🐦: @TechnoEmpress
> IRC: Hecate
> WWW: https://glitchbra.in/
> RUN: BSD
> 
> 
> 
> 
> 
>