I'm attaching a patch that I think is the right fix, but would appreciate feedback from people who understand evp/b64 better than me. It passes "make test", and ceases to dump-core with David's sample input (also attached to this ticket).
BTW, this patch seems to apply to all branches as far back as I've looked (0.9.7-stable), so presumably the problem is as old as that too.
0001-evp-prevent-underflow-in-base64-decoding.patch
Description: Binary data
