This is the second in a series of three bugs intended to observe competitors basic abilities. Like curl-005 before it, it is based on the custom “totallyfineprotocl”, now enhanced with greater difficulty to reach the offending code.
Like curl-005, the bug will dereference a null pointer when a certain point is reached.
The whole “verynormalprotocol” suite is basically inspired by CTF challenges.
Previously, a competitor only had to send one hardcoded server response to trigger the bug; this time, however, they will have to send four hardcoded responses.