use m_responseReadState to avoid calling parseResponse() (as a failsafe for malicious/bad server responses)

Signed-off-by: iTrooz <hey@itrooz.fr>

launcher/ui/pages/instance/McClient.cpp

@@ -46,18 +46,24 @@ void McClient::sendRequest() {
     writePacketToSocket(data); // send status packet
 }
 
-// Accumulate data until we have a full response, then call parseResponse()
+// Accumulate data until we have a full response, then call parseResponse() once
 void McClient::readRawResponse() {
-    m_resp.append(m_socket.readAll());
-    if (m_wantedRespLength == 0 && m_resp.size() >= 5) {
-        m_wantedRespLength = readVarInt(m_resp);
+    if (m_responseReadState == 2) {
+        return;
     }
 
-    if (m_wantedRespLength != 0 && m_resp.size() >= m_wantedRespLength) {
+    m_resp.append(m_socket.readAll());
+    if (m_responseReadState == 0 && m_resp.size() >= 5) {
+        m_wantedRespLength = readVarInt(m_resp);
+        m_responseReadState = 1;
+    }
+    
+    if (m_responseReadState == 1 && m_resp.size() >= m_wantedRespLength) {
         if (m_resp.size() > m_wantedRespLength) {
             qDebug() << "Warning: Packet length doesn't match actual packet size (" << m_wantedRespLength << " expected vs " << m_resp.size() << " received)";
         }
         parseResponse();
+        m_responseReadState = 2;
     }
 }
 

launcher/ui/pages/instance/McClient.h

@@ -15,6 +15,10 @@ class McClient : public QObject {
     short m_port;
     QTcpSocket m_socket;
 
+    // 0: did not start reading the response yet
+    // 1: read the response length, still reading the response
+    // 2: finished reading the response
+    unsigned m_responseReadState = 0;
     unsigned m_wantedRespLength = 0;
     QByteArray m_resp;