diff -up sudo-1.8.6p7/plugins/sudoers/match.c.newbase64decoder sudo-1.8.6p7/plugins/sudoers/match.c
--- sudo-1.8.6p7/plugins/sudoers/match.c.newbase64decoder	2015-09-01 13:35:42.746241825 +0200
+++ sudo-1.8.6p7/plugins/sudoers/match.c	2015-09-01 13:40:52.360233611 +0200
@@ -510,53 +510,60 @@ command_matches_glob(char *sudoers_cmnd,
 }
 
 /*
+ * base64 decoder
+ * PUBLIC DOMAIN - Jon Mayo - November 13, 2003
+ */
+static const uint8_t base64dec_tab[256]= {
+  255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,
+  255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,
+  255,255,255,255,255,255,255,255,255,255,255, 62,255,255,255, 63,
+  52, 53, 54, 55, 56, 57, 58, 59, 60, 61,255,255,255,  0,255,255,
+  255,  0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14,
+  15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25,255,255,255,255,255,
+  255, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40,
+  41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51,255,255,255,255,255,
+  255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,
+  255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,
+  255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,
+  255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,
+  255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,
+  255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,
+  255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,
+  255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,
+};
+
+/*
  * Decode a NUL-terminated string in base64 format and store the
  * result in dst.
  */
 size_t
-base64_decode(const char *str, unsigned char *dst, size_t dsize)
+base64_decode(const char *in, unsigned char *out, size_t out_len)
 {
-    static const char b64[] =
-	"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
-    const unsigned char *dst0 = dst;
-    const unsigned char *dend = dst + dsize;
-    unsigned char ch[4];
-    char *pos;
-    int i;
-    debug_decl(base64_decode, SUDO_DEBUG_MATCH)
+  size_t in_len = strlen(in);
+  size_t ii, io;
+  uint_least32_t v;
+  size_t rem;
 
-    /*
-     * Convert from base64 to binary.  Each base64 char holds 6 bits of data
-     * so 4 base64 chars equals 3 chars of data.
-     * Padding (with the '=' char) may or may not be present.
-     */
-    while (*str != '\0') {
-	for (i = 0; i < 4; i++) {
-	    switch (*str) {
-	    case '=':
-		str++;
-		/* FALLTHROUGH */
-	    case '\0':
-		ch[i] = '=';
-		break;
-	    default:
-		if ((pos = strchr(b64, *str++)) == NULL)
-		    debug_return_size_t((size_t)-1);
-		ch[i] = (unsigned char)(pos - b64);
-		break;
-	    }
-	}
-	if (ch[0] == '=' || ch[1] == '=' || dst == dend)
-	    break;
-	*dst++ = (ch[0] << 2) | ((ch[1] & 0x30) >> 4);
-	if (ch[2] == '=' || dst == dend)
-	    break;
-	*dst++ = ((ch[1] & 0x0f) << 4) | ((ch[2] & 0x3c) >> 2);
-	if (ch[3] == '=' || dst == dend)
-	    break;
-	*dst++ = ((ch[2] & 0x03) << 6) | ch[3];
+  for(io=0,ii=0,v=0,rem=0;ii<in_len;ii++) {
+    unsigned char ch;
+    if(isspace(in[ii])) continue;
+    if(in[ii]=='=') break; /* stop at = */
+    ch=base64dec_tab[(size_t)in[ii]];
+    if(ch==255) break; /* stop at a parse error */
+    v=(v<<6)|ch;
+    rem+=6;
+    if(rem>=8) {
+      rem-=8;
+      if(io>=out_len) return -1; /* truncation is failure */
+      out[io++]=(v>>rem)&255;
     }
-    debug_return_size_t((size_t)(dst - dst0));
+  }
+  if(rem>=8) {
+    rem-=8;
+    if(io>=out_len) return -1; /* truncation is failure */
+    out[io++]=(v>>rem)&255;
+  }
+  return io;
 }
 
 static bool