The Mhttp and Msmtp routines both use Maddtoheader() which uses strncat to fill up the buffer and append a trailing zero char after each append. Mhttp initialises hleft to sizeof(header) - 1, which leaves space for a terminating zero char, even if the header becomes full. Msmtp initialises hleft to sizeof(header), which means a buffer overflow is possible.
The Mhttp and Msmtp routines both use Maddtoheader() which uses strncat to fill up the buffer and append a trailing zero char after each append. Mhttp initialises hleft to sizeof(header) - 1, which leaves space for a terminating zero char, even if the header becomes full. Msmtp initialises hleft to sizeof(header), which means a buffer overflow is possible.