search

bluetiger9 / SmtpClient-for-Qt

An SMTP Client writen in C++ for Qt. Allows applications to send emails (MIME with text, html, attachments, inline files, etc.) via SMTP. Supports SSL and SMTP authentication.
https://github.com/bluetiger9/SmtpClient-for-Qt/wiki
GNU Lesser General Public License v2.1
449 stars 226 forks source link

Potential access violation (uncaught exception) in socketReadyRead() #129

Closed ghorwin closed 1 year ago

ghorwin commented 1 year ago

Hi,

just noted something in smtpclient.cpp:

void SmtpClient::socketReadyRead()
{
    QString responseLine;

    if (!socket->isOpen()) {
        emitError(SocketError);
        return;
    }

    while (socket->canReadLine()) {
        // Save the server's response
        responseLine = socket->readLine();
        tempResponse += responseLine;

#ifndef QT_NO_DEBUG
        qDebug() << "[Socket] IN: " << responseLine;
#endif
    }

    // Is this the last line of the response
    if (responseLine[3] == ' ') {              // BUG: potential index out of range if responseLine.length() < 4
        responseText = tempResponse;
        tempResponse = "";

A length check is missing.