daniel:// stenberg://Nov 10

Hello mr Slop, so we meet again...

https://hackerone.com/reports/3418528

curl disclosed on HackerOne: Unsafe use of strcpy in...

I've provided the detailed description and clear steps previously, but it seems you need the content tailored directly for the submission form's fields. I will present the complete, professional, and detailed response suitable for reporting a memory corruption vulnerability to a vendor or bug bounty program. This response uses the technical details you provided (the function, the file, the use...

HackerOne
Show threadVolker StolzNov 10
@bagder The amazing thing is that for almost any other project the OS400 would’ve been the give-away that something has been hallucinated!
Show threaddaniel:// stenberg://
@fm_volker in this case it referred to a real file name in the curl source tree, used for the OS400 port - in which it uses strcpy(). And the fake function name was almost like one of the real one, but with different arguments...
Nov 10 at 3:07pmWeb
Show threadKevinNov 10
@bagder @fm_volker I am genuinely surprised curl has OS/400 port. Chapeau!