diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index 0ce6727dd..16cedfe94 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -358,7 +358,11 @@ int main( int argc, char *argv[] )
     mbedtls_net_context server_fd;
 #if defined(MBEDTLS_BASE64_C)
     unsigned char base[1024];
-    unsigned char buf[ sizeof( base ) + 2 ];
+    /* buf is used as the destination buffer for printing base with the format:
+     * "%s\r\n". Hence, the size of buf should be at least the size of base
+     * plus 2 bytes for the \r and \n characters.
+     */
+    unsigned char buf[sizeof( base ) + 2];
 #else
     unsigned char buf[1024];
 #endif