document \0 filter in checker results?

[Trolldemorted]

Strictly speaking we are now changing the checker results (message, attackInfo) before they reach the user. This might be unexpected for checker authors who rely on obscure strings.

[DanielHabenicht]

Or we should specify it as a TENET, that they should not include \0

[Savallator]

Seriously, allowing \0 in strings is just calling for problems, and imho any checker author depending on something obscure like that should reconsider his life choices...

[Trolldemorted]

Seriously, allowing \0 in strings is just calling for problems, and imho any checker author depending on something obscure like that should reconsider his life choices...

Sure, but I'd like to tell them that right away :)

Maybe just dropping the string, logging an error and considering it a checker error is the sanest approach?

[Savallator]

One important point is here that we should make clear that player-generated stuff never ends up there.
I can imagine checker authors doing stuff like dumping usernames or whatever there, and then a malicious player can make other services checker-error.

[Savallator]

Maybe we should just strip the \0 bytes, and continue without error?
Because exploit mechanics might indeed requiere \0 bytes in stuff like usernames or whatever sometimes.