a4a15e5
diff --git a/src/b64.c b/src/b64.c
a4a15e5
index b8736da..9e35251 100644
a4a15e5
--- a/src/b64.c
a4a15e5
+++ b/src/b64.c
a4a15e5
@@ -55,7 +55,7 @@ VERSION HISTORY:
a4a15e5
 \******************************************************************* */
a4a15e5
 
a4a15e5
 /* system headers */
a4a15e5
-#include <stdlib.h>
a4a15e5
+#include <stdio.h>
a4a15e5
 #include <string.h>
a4a15e5
 
a4a15e5
 /* libotr headers */
a4a15e5
@@ -147,8 +147,9 @@ static size_t decode(unsigned char *out, const char *in, size_t b64len)
a4a15e5
  * base64 decode data.  Skip non-base64 chars, and terminate at the
a4a15e5
  * first '=', or the end of the buffer.
a4a15e5
  *
a4a15e5
- * The buffer data must contain at least (base64len / 4) * 3 bytes of
a4a15e5
- * space.  This function will return the number of bytes actually used.
a4a15e5
+ * The buffer data must contain at least ((base64len+3) / 4) * 3 bytes
a4a15e5
+ * of space.  This function will return the number of bytes actually
a4a15e5
+ * used.
a4a15e5
  */
a4a15e5
 size_t otrl_base64_decode(unsigned char *data, const char *base64data,
a4a15e5
 	size_t base64len)
a4a15e5
@@ -234,13 +235,18 @@ int otrl_base64_otr_decode(const char *msg, unsigned char **bufp,
a4a15e5
 	return -2;
a4a15e5
     }
a4a15e5
 
a4a15e5
+    /* Skip over the "?OTR:" */
a4a15e5
+    otrtag += 5;
a4a15e5
+    msglen -= 5;
a4a15e5
+
a4a15e5
     /* Base64-decode the message */
a4a15e5
-    rawlen = ((msglen-5) / 4) * 3;   /* maximum possible */
a4a15e5
+    rawlen = OTRL_B64_MAX_DECODED_SIZE(msglen);   /* maximum possible */
a4a15e5
     rawmsg = malloc(rawlen);
a4a15e5
     if (!rawmsg && rawlen > 0) {
a4a15e5
 	return -1;
a4a15e5
     }
a4a15e5
-    rawlen = otrl_base64_decode(rawmsg, otrtag+5, msglen-5);  /* actual size */
a4a15e5
+
a4a15e5
+    rawlen = otrl_base64_decode(rawmsg, otrtag, msglen);  /* actual size */
a4a15e5
 
a4a15e5
     *bufp = rawmsg;
a4a15e5
     *lenp = rawlen;
a4a15e5
diff --git a/src/b64.h b/src/b64.h
a4a15e5
index 34ef03f..dd0e115 100644
a4a15e5
--- a/src/b64.h
a4a15e5
+++ b/src/b64.h
a4a15e5
@@ -20,6 +20,19 @@
a4a15e5
 #ifndef __B64_H__
a4a15e5
 #define __B64_H__
a4a15e5
 
a4a15e5
+#include <stdlib.h>
a4a15e5
+
a4a15e5
+/* Base64 encodes blocks of this many bytes: */
a4a15e5
+#define OTRL_B64_DECODED_LEN 3
a4a15e5
+/* into blocks of this many bytes: */
a4a15e5
+#define OTRL_B64_ENCODED_LEN 4
a4a15e5
+
a4a15e5
+/* An encoded block of length encoded_len can turn into a maximum of
a4a15e5
+ * this many decoded bytes: */
a4a15e5
+#define OTRL_B64_MAX_DECODED_SIZE(encoded_len) \
a4a15e5
+    (((encoded_len + OTRL_B64_ENCODED_LEN - 1) / OTRL_B64_ENCODED_LEN) \
a4a15e5
+	* OTRL_B64_DECODED_LEN)
a4a15e5
+
a4a15e5
 /*
a4a15e5
  * base64 encode data.  Insert no linebreaks or whitespace.
a4a15e5
  *
a4a15e5
@@ -33,8 +46,9 @@ size_t otrl_base64_encode(char *base64data, const unsigned char *data,
a4a15e5
  * base64 decode data.  Skip non-base64 chars, and terminate at the
a4a15e5
  * first '=', or the end of the buffer.
a4a15e5
  *
a4a15e5
- * The buffer data must contain at least (base64len / 4) * 3 bytes of
a4a15e5
- * space.  This function will return the number of bytes actually used.
a4a15e5
+ * The buffer data must contain at least ((base64len+3) / 4) * 3 bytes
a4a15e5
+ * of space.  This function will return the number of bytes actually
a4a15e5
+ * used.
a4a15e5
  */
a4a15e5
 size_t otrl_base64_decode(unsigned char *data, const char *base64data,
a4a15e5
 	size_t base64len);
a4a15e5
diff --git a/src/proto.c b/src/proto.c
a4a15e5
index 3f8c987..0374dfe 100644
a4a15e5
--- a/src/proto.c
a4a15e5
+++ b/src/proto.c
a4a15e5
@@ -537,13 +537,17 @@ gcry_error_t otrl_proto_data_read_flags(const char *datamsg,
a4a15e5
 	msglen = strlen(otrtag);
a4a15e5
     }
a4a15e5
 
a4a15e5
+    /* Skip over the "?OTR:" */
a4a15e5
+    otrtag += 5;
a4a15e5
+    msglen -= 5;
a4a15e5
+
a4a15e5
     /* Base64-decode the message */
a4a15e5
-    rawlen = ((msglen-5) / 4) * 3;   /* maximum possible */
a4a15e5
+    rawlen = OTRL_B64_MAX_DECODED_SIZE(msglen);   /* maximum possible */
a4a15e5
     rawmsg = malloc(rawlen);
a4a15e5
     if (!rawmsg && rawlen > 0) {
a4a15e5
 	return gcry_error(GPG_ERR_ENOMEM);
a4a15e5
     }
a4a15e5
-    rawlen = otrl_base64_decode(rawmsg, otrtag+5, msglen-5);  /* actual size */
a4a15e5
+    rawlen = otrl_base64_decode(rawmsg, otrtag, msglen);  /* actual size */
a4a15e5
 
a4a15e5
     bufp = rawmsg;
a4a15e5
     lenp = rawlen;
a4a15e5
@@ -606,14 +610,18 @@ gcry_error_t otrl_proto_accept_data(char **plaintextp, OtrlTLV **tlvsp,
a4a15e5
 	msglen = strlen(otrtag);
a4a15e5
     }
a4a15e5
 
a4a15e5
+    /* Skip over the "?OTR:" */
a4a15e5
+    otrtag += 5;
a4a15e5
+    msglen -= 5;
a4a15e5
+
a4a15e5
     /* Base64-decode the message */
a4a15e5
-    rawlen = ((msglen-5) / 4) * 3;   /* maximum possible */
a4a15e5
+    rawlen = OTRL_B64_MAX_DECODED_SIZE(msglen);   /* maximum possible */
a4a15e5
     rawmsg = malloc(rawlen);
a4a15e5
     if (!rawmsg && rawlen > 0) {
a4a15e5
 	err = gcry_error(GPG_ERR_ENOMEM);
a4a15e5
 	goto err;
a4a15e5
     }
a4a15e5
-    rawlen = otrl_base64_decode(rawmsg, otrtag+5, msglen-5);  /* actual size */
a4a15e5
+    rawlen = otrl_base64_decode(rawmsg, otrtag, msglen);  /* actual size */
a4a15e5
 
a4a15e5
     bufp = rawmsg;
a4a15e5
     lenp = rawlen;
a4a15e5
diff --git a/toolkit/parse.c b/toolkit/parse.c
a4a15e5
index 5f357fc..16718ca 100644
a4a15e5
--- a/toolkit/parse.c
a4a15e5
+++ b/toolkit/parse.c
a4a15e5
@@ -64,7 +64,8 @@ static unsigned char *decode(const char *msg, size_t *lenp)
a4a15e5
 {
a4a15e5
     const char *header, *footer;
a4a15e5
     unsigned char *raw;
a4a15e5
-	
a4a15e5
+    size_t rawlen;
a4a15e5
+
a4a15e5
     /* Find the header */
a4a15e5
     header = strstr(msg, "?OTR:");
a4a15e5
     if (!header) return NULL;
a4a15e5
@@ -75,8 +76,10 @@ static unsigned char *decode(const char *msg, size_t *lenp)
a4a15e5
     footer = strchr(header, '.');
a4a15e5
     if (!footer) footer = header + strlen(header);
a4a15e5
 
a4a15e5
-    raw = malloc((footer-header) / 4 * 3);
a4a15e5
-    if (raw == NULL && (footer-header >= 4)) return NULL;
a4a15e5
+    rawlen = OTRL_B64_MAX_DECODED_SIZE(footer-header);
a4a15e5
+
a4a15e5
+    raw = malloc(rawlen);
a4a15e5
+    if (raw == NULL && rawlen > 0) return NULL;
a4a15e5
     *lenp = otrl_base64_decode(raw, header, footer-header);
a4a15e5
 
a4a15e5
     return raw;