A serious security bug... caused by no bounds checking.

Kagamin spam at here.lot
Fri Apr 11 10:35:15 PDT 2014


On Friday, 11 April 2014 at 16:17:49 UTC, Marco Leise wrote:
> This still doesn't touch D's array bounds checking at all,
> because the array pointer and length come from an unreliable
> source to begin with!

In a D implementation, the client packet would be reliably confined
by a slice, so the forged length will be checked against packet
boundaries.

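byte[] packet = receive();                // slice carries the real packet length
int length = get_payload_length(packet);  // length field claimed by the client
dest[0..length] = packet[3..3+length];    // slicing checks 3+length against packet.length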
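
The check described in the message above, as an added example that is not part of the original post: a forged length field is stopped by the slice bounds check, and an explicit validation path rejects the packet without relying on a runtime error. The packet layout (1 type byte, 2-byte big-endian length, payload from offset 3) and the names payloadLength, copyUnchecked and copyValidated are assumptions made for illustration.

```d
// Added illustration, not code from the original post.
// Assumed layout: byte 0 = type, bytes 1..2 = big-endian payload length,
// payload starts at offset 3.
import core.exception : RangeError;
import std.stdio : writeln;

// Hypothetical helper: read the client-controlled length field.
size_t payloadLength(const(ubyte)[] packet) @safe
{
    return (cast(size_t) packet[1] << 8) | packet[2]; // indexing is bounds-checked too
}

// Relies only on the slice bounds check, as in the post.
void copyUnchecked(ubyte[] dest, const(ubyte)[] packet) @safe
{
    immutable len = payloadLength(packet);
    dest[0 .. len] = packet[3 .. 3 + len]; // RangeError if 3 + len > packet.length
}

// Explicit validation: reject the packet instead of relying on RangeError.
bool copyValidated(ubyte[] dest, const(ubyte)[] packet) @safe
{
    if (packet.length < 3)
        return false;
    immutable len = payloadLength(packet);
    if (len > packet.length - 3 || len > dest.length)
        return false;
    dest[0 .. len] = packet[3 .. 3 + len];
    return true;
}

void main()
{
    // Constructed sample: claims 0x4000 bytes of payload but carries only 2.
    immutable(ubyte)[] forged = [0x01, 0x40, 0x00, 0xAA, 0xBB];
    auto dest = new ubyte[](0x4000);

    try
        copyUnchecked(dest, forged);
    catch (RangeError e) // an Error; caught here only to show the outcome
        writeln("slice bounds check stopped the over-read");

    writeln("validated copy accepted: ", copyValidated(dest, forged));
}
```

With dmd, -release drops bounds checks in code that is not @safe and -boundscheck=off drops them everywhere, so the protection shown by copyUnchecked depends on build flags while copyValidated does not.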


More information about the Digitalmars-d mailing list