diff --git a/ChangeLog b/ChangeLog
index 7e7374bd5..e904eb819 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -33,6 +33,8 @@ Features
      errors on use of deprecated functions.
 
 Bugfix
+   * Fix bug in ssl_mail_client when password is longer that username (found
+     by Bruno Pape).
    * Fix undefined behaviour (memcmp( NULL, NULL, 0 );) in X.509 modules
      (detected by Clang's 3.6 UBSan).
    * mpi_size() and mpi_msb() would segfault when called on an mpi that is
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index fcda1dde3..27c57a17f 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -722,7 +722,7 @@ int main( int argc, char *argv[] )
         polarssl_printf( "  > Write username to server: %s", opt.user_name );
         fflush( stdout );
 
-        n = sizeof( buf );
+        n = sizeof( base );
         ret = base64_encode( base, &n, (const unsigned char *) opt.user_name,
                              strlen( opt.user_name ) );
 
@@ -743,6 +743,7 @@ int main( int argc, char *argv[] )
         polarssl_printf( "  > Write password to server: %s", opt.user_pwd );
         fflush( stdout );
 
+        n = sizeof( base );
         ret = base64_encode( base, &n, (const unsigned char *) opt.user_pwd,
                              strlen( opt.user_pwd ) );