projects / citadel.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
msgbase: don't buffer overrun on invalid messages.
[citadel.git] / citadel / msgbase.c
diff --git a/citadel/msgbase.c b/citadel/msgbase.c
index e81d14623cb314b9c44c6ebffb5fd88cbecc5539..073410d182223e87fed4380b29d7cad120e5c2cb 100644 (file)
--- a/citadel/msgbase.c
+++ b/citadel/msgbase.c
@@ -1153,8 +1153,12 @@ struct CtdlMessage *CtdlFetchMessage(long msgnum, int with_body)
                        }
                        field_header = *mptr++;
                }
+               if (mptr >= upper_bound) {
+                       break;
+               }
                which = field_header;
                len = strlen(mptr);
+
                CM_SetField(ret, which, mptr, len);
 
                mptr += len + 1;        /* advance to next field */
Citadel server, clients, utilities