[Crash] Unchecked msg.username.length access in validateRegister

## Summary
Server crashes when `msg.username` is undefined/null but code accesses `msg.username.length`.

## Affected Code
`server-services/start-services.js:517`

```javascript
case 'validateRegister':
  if (msg.username.length < 3 || !/^[A-Za-z0-9?!._-]+$/.test(msg.username)) {
    // CRASH if msg.username is undefined
```

## Vulnerability
If a client sends `{"cmd":"validateRegister"}` without a `username` field, `msg.username` is `undefined`.

## Impact
- Remote server crash with single message
- Denial of service

## Proof of Concept
```json
{"cmd":"validateRegister","password":"abc123"}
```

## Recommended Fix
```javascript
if (!msg.username || msg.username.length < 3 || !/^[A-Za-z0-9?!._-]+$/.test(msg.username)) {
```

## References
- PR: https://github.com/onlypuppy7/LegacyShell/pull/43

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Crash] Unchecked msg.username.length access in validateRegister #50

Summary

Affected Code

Vulnerability

Impact

Proof of Concept

Recommended Fix

References

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

[Crash] Unchecked msg.username.length access in validateRegister #50

Description

Summary

Affected Code

Vulnerability

Impact

Proof of Concept

Recommended Fix

References

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions