[Crash] Unchecked msg.servicesMeta.startTime access in requestConfig

## Summary
Game server crashes when services send `requestConfig` response without `servicesMeta`.

## Affected Code
`server-game/start-game.js:230`

```javascript
if ((msg.servicesMeta.startTime > ss.config.servicesMeta.startTime) && ss.isPerpetual) {
  // CRASH if msg.servicesMeta is undefined
```

## Vulnerability
If services server sends incomplete config or a malicious client spoofs the services response.

## Impact
- Game server crash
- Denial of service

## Proof of Concept
Send `{"cmd":"requestConfig"}` without `servicesMeta` field.

## Recommended Fix
```javascript
if ((msg.servicesMeta?.startTime > ss.config.servicesMeta?.startTime) && ss.isPerpetual) {
```

## References
- PR: https://github.com/onlypuppy7/LegacyShell/pull/43

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Crash] Unchecked msg.servicesMeta.startTime access in requestConfig #51

Summary

Affected Code

Vulnerability

Impact

Proof of Concept

Recommended Fix

References

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

[Crash] Unchecked msg.servicesMeta.startTime access in requestConfig #51

Description

Summary

Affected Code

Vulnerability

Impact

Proof of Concept

Recommended Fix

References

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions