From: Wilfried Goesgens <dothebart@citadel.org>
Date: Sat, 14 Dec 2013 19:51:32 +0000 (+0100)
Subject: msgbase: don't buffer overrun on invalid messages.
X-Git-Tag: v9.01~163
X-Git-Url: https://code.citadel.org/?p=citadel.git;a=commitdiff_plain;h=102fdb5168aadb6f8d0a0c4ccd0f09a0bbd0fd90

msgbase: don't buffer overrun on invalid messages.
---

diff --git a/citadel/msgbase.c b/citadel/msgbase.c
index e81d14623..073410d18 100644
--- a/citadel/msgbase.c
+++ b/citadel/msgbase.c
@@ -1153,8 +1153,12 @@ struct CtdlMessage *CtdlFetchMessage(long msgnum, int with_body)
 			}
 			field_header = *mptr++;
 		}
+		if (mptr >= upper_bound) {
+			break;
+		}
 		which = field_header;
 		len = strlen(mptr);
+
 		CM_SetField(ret, which, mptr, len);
 
 		mptr += len + 1;	/* advance to next field */