From 102fdb5168aadb6f8d0a0c4ccd0f09a0bbd0fd90 Mon Sep 17 00:00:00 2001
From: Wilfried Goesgens
Date: Sat, 14 Dec 2013 20:51:32 +0100
Subject: [PATCH] msgbase: don't buffer overrun on invalid messages.
---
 citadel/msgbase.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/citadel/msgbase.c b/citadel/msgbase.c
index e81d14623..073410d18 100644
--- a/citadel/msgbase.c
+++ b/citadel/msgbase.c
@@ -1153,8 +1153,12 @@ struct CtdlMessage *CtdlFetchMessage(long msgnum, int with_body)
 }
 field_header = *mptr++;
 }
+ if (mptr >= upper_bound) {
+ break;
+ }
 which = field_header;
 len = strlen(mptr);
+ CM_SetField(ret, which, mptr, len);
 mptr += len + 1; /* advance to next field */
--
2.30.2
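Review bot: The `strlen(mptr)` that follows the added `if (mptr >= upper_bound)` check is still unbounded, because the check only proves that mptr starts inside the buffer. A final field with no terminating NUL before upper_bound would let strlen, and then `mptr += len + 1`, run past the end of the message data. Unless the fetched buffer is guaranteed to hold a NUL at or before upper_bound (not visible in this hunk), bound the scan first, e.g. `if (memchr(mptr, '\0', upper_bound - mptr) == NULL) break;` ahead of `len = strlen(mptr);`. The enclosing loop in CtdlFetchMessage starts and ends outside the hunk, so the buffer's allocation and the loop condition could not be checked here.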