[Security] Hardcoded packet validation exception in Long.Kernel

[carniato]

Hey guys,

I've been working on my own server using the Long source (Long.Kernel / Long.Network), and while reviewing the packet validation code I noticed something interesting in TcpClientSocket.cs.

if (!receivedFooter.Equals(expectedFooter) && !receivedFooter.Equals("WUuTxfpe"))

From what I can tell, if a packet footer doesn't match the expected value, the server will still accept it as long as the footer is "WUuTxfpe".

I'm not sure if this was originally added for internal communication, debugging, or if it's simply leftover code from an older version. But if it's left enabled in a production server, it effectively bypasses the footer validation for anyone who knows that value.

It may have had a legitimate purpose at some point, but it's worth double-checking. If you're running the Long source, search your codebase for WUuTxfpe and review whether that exception is still necessary. If not, keeping only the strict footer validation is probably the safer approach.

Just sharing this in case it helps anyone maintaining a Long-based server.

 

 edit.
Hey, sorry! I accidentally created the thread in the wrong section and didn't even notice. If possible, could you move it to the correct section? Thanks!

Edited 3 hours ago by carniato