From ff6dd4b249ddcb01efdec8cb5d9aa236b80d2541 Mon Sep 17 00:00:00 2001
From: Jakub Melka <Mgr.Jakub.Melka@gmail.com>
Date: Tue, 21 Nov 2023 19:43:04 +0100
Subject: [PATCH] Issue #110: PDF4QT Viewer Lite : Arbitrary Code can execute
 when using Send by Email

---
 Pdf4QtViewer/pdfsendmail.cpp | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/Pdf4QtViewer/pdfsendmail.cpp b/Pdf4QtViewer/pdfsendmail.cpp
index 82eec4e..a19df2b 100644
--- a/Pdf4QtViewer/pdfsendmail.cpp
+++ b/Pdf4QtViewer/pdfsendmail.cpp
@@ -41,8 +41,22 @@ bool PDFSendMail::sendMail(QWidget* parent, QString subject, QString fileName)
     std::wstring fileNameString = fileInfo.fileName().toStdWString();
     std::wstring filePathString = QDir::toNativeSeparators(fileInfo.absoluteFilePath()).toStdWString();
 
+    std::array<wchar_t, MAX_PATH> systemDirectoryBuffer = { };
+    if (!::GetSystemDirectoryW(systemDirectoryBuffer.data(), uint(systemDirectoryBuffer.size())))
+    {
+        return false;
+    }
 
-    HMODULE mapiLib = ::LoadLibrary(L"MAPI32.DLL");
+    QString systemDirectory = QString::fromWCharArray(systemDirectoryBuffer.data());
+    QString mapiDllPath = QString("%1\\MAPI32.dll").arg(systemDirectory);
+    QFileInfo mapiDllPathInfo(mapiDllPath);
+    QString mapiDllPathCorrected = mapiDllPathInfo.absoluteFilePath();
+
+    std::vector<wchar_t> mapiDllPathWchar(mapiDllPathCorrected.size() + 1);
+    qsizetype length = mapiDllPathCorrected.toWCharArray(mapiDllPathWchar.data());
+    mapiDllPathWchar[length] = 0;
+
+    HMODULE mapiLib = ::LoadLibraryW(mapiDllPathWchar.data());
     if (!mapiLib)
     {
         return false;