3 files changed, 7 insertions, 1 deletions

diff --git a/base64.c b/base64.c
index 9af84a48..b1351422 100644
--- a/base64.c
+++ b/base64.c
@@ -27,6 +27,11 @@ static const char base64val[] = {
 };
 #define DECODE64(c)  (isascii((unsigned char)(c)) ? base64val[c] : BAD)
 
+unsigned len64frombits(unsigned inlen)
+{
+	return (inlen + 2)/3*4;
+}
+
 int to64frombits(char *out, const void *in_, int inlen, size_t outlen)
 /* raw bytes in quasi-big-endian order to base 64 string (NUL-terminated) */
 {
diff --git a/fetchmail.h b/fetchmail.h
index a5f15e8d..717ebd6f 100644
--- a/fetchmail.h
+++ b/fetchmail.h
@@ -634,6 +634,7 @@ int prc_parse_file(const char *, const flag);
 int prc_filecheck(const char *, const flag);
 
 /* base64.c */
+unsigned len64frombits(unsigned inlen); /** calculate length needed to encode inlen octets. warnings: 1. caller needs to add 1 for a trailing \0 byte himself. 2. returns 0 for inlen 0! */
 int to64frombits(char *, const void *, int inlen, size_t outlen);
 int from64tobits(void *, const char *, int mxoutlen);
 
diff --git a/imap.c b/imap.c
index d441ced8..f0d9ac95 100644
--- a/imap.c
+++ b/imap.c
@@ -398,7 +398,7 @@ static int do_auth_external (int sock, const char *command, const char *name)
     if (name && name[0])
     {
         size_t len = strlen(name);
-        if ((len / 3) + ((len % 3) ? 4 : 0)  < sizeof(buf))
+        if (len64frombits(len) + 1  <= sizeof(buf)) /* +1: need to fit \0 byte */
             to64frombits (buf, name, strlen(name), sizeof buf);
         else
             return PS_AUTHFAIL; /* buffer too small. */