Conversation

strcpy can cause a buffer overflow

user finds strcpy in code

user files a CRITICAL security report against for using strcpy in source code. Proof? Well he did grep the code and shows that it does indeed use strcpy...

Never a dull moment.


@bagder this reminds me of reports of missing spf records for pidgin domains we weren't running email on.. Or the lack of DNSSEC on pidgin.im when .im domains don't support DNSSEC...


@bagder This being the same one with the explicit bounds check just 1 line before?

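The pattern @ben describes, an explicit length check one line before strcpy(), as an added C example; this is not code from curl or from anyone in the thread, and the buffer size, option names and function names are assumptions made for illustration:

```c
#include <stdio.h>
#include <string.h>

/* Assumed fixed-size option buffer; the size is arbitrary for the demo. */
#define OPTION_MAX 32

/* Copies src into dst only when it fits, including the terminating NUL.
   Returns 1 on success, 0 when src is rejected (dst is left untouched).
   The length check immediately before strcpy() is what makes the call
   safe; a grep for "strcpy" alone cannot see that check. */
int set_option(char dst[OPTION_MAX], const char *src)
{
    if (strlen(src) >= OPTION_MAX)   /* bounds check: room for NUL needed */
        return 0;
    strcpy(dst, src);                /* safe: length verified above */
    return 1;
}

/* Exercises set_option() on a local buffer and classifies the outcome:
    1 = accepted and dst is an exact copy,
    0 = rejected and dst is untouched,
   -1 = anything else (would indicate a bug in set_option). */
int try_option(const char *src)
{
    char buf[OPTION_MAX] = "untouched";   /* sentinel to detect writes */
    int ok = set_option(buf, src);
    if (ok && strcmp(buf, src) == 0)
        return 1;
    if (!ok && strcmp(buf, "untouched") == 0)
        return 0;
    return -1;
}

int main(void)
{
    /* Constructed inputs: a normal value, the largest that fits (31 chars),
       the first that does not (32 chars), and a "ridiculously long" one. */
    const char *cases[] = {
        "verbose",
        "abcdefghijklmnopqrstuvwxyz01234",
        "abcdefghijklmnopqrstuvwxyz012345",
        "this-option-value-is-far-too-long-for-the-buffer",
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-50s -> %d\n", cases[i], try_option(cases[i]));
    return 0;
}
```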

@ben it is certainly in the same spirit


@bagder now you have to pay a 10.000€ bug bounty! /s


@bagder I hope he's directly reserved a CVE and already wrote a Medium post about his discovery which he will release in two weeks after the responsible disclosure period.


@bagder POV: the kind of person AI can easily replace


@bagder Let me guess, the overflow can be triggered if the user specifies a ridiculously long option?


@dtomvan I don't think it can be triggered at all. The user also has not bothered to check...


@phoerious we are a CNA now, we can reject any such shenanigans. We can filter on the ingress.


@bagder I’ve considered doing the same, but so far it was too much of a hassle. But it would definitely cut back on Curriculum Vitae Enhancers.

@bagder I see a strong correlation between bullshit bug reports (not just in curl and not just about security) and the inability to use the markup of the bug tracker.