556,557c556,558
< else if (!strncmp (t,"BODY[",5) && (v = strchr(t+5,']')) && !v[1]){
< strncpy (tmp,t+5,i = v - (t+5));
---
> else if (!strncmp (t,"BODY[",5) && (v = strchr(t+5,']')) &&
> !v[1] && ((i = v - (t+5)) < MAILTMPLEN)){
> strncpy (tmp,t+5,i);
563,564c564,566
< (v = strchr (t+10,']')) && !v[1]) {
< strncpy (tmp,t+10,i = v - (t+10));
---
> (v = strchr (t+10,']')) && !v[1] &&
> ((i = v - (t+10)) < MAILTMPLEN)) {
> strncpy (tmp,t+10,i);
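Review bot: The new bound `(i = v - (t+5)) < MAILTMPLEN` in the `BODY[` branch (and the matching `t+10` check in the second hunk) only protects `tmp` if `tmp` is declared with at least MAILTMPLEN bytes, and that declaration is outside both hunks; if `tmp` is a local array, `< sizeof (tmp)` would keep the check tied to the real buffer. `strncpy (tmp,t+5,i)` copies exactly `i` bytes and writes no terminator here, because the source continues with `]`, so the code presumably relies on a `tmp[i] = '\0';` that follows outside the hunk; a comment such as `/* i < MAILTMPLEN leaves room for the NUL stored at tmp[i] below */` would record why the comparison is strict. An over-long section specifier now falls through to the next `else if`, so it is worth confirming that this path ends in an explicit error response rather than the item being silently skipped. Both branch bodies continue past the hunk boundaries.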