diff --git a/CMakeLists.txt b/CMakeLists.txt
index d9709c809..0dd55af4c 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -701,6 +701,7 @@ if(WITH_LIBVNCSERVER)
   list(APPEND SIMPLETESTS
     cargstest
     copyrecttest
+    password_list_test
   )
 endif(WITH_LIBVNCSERVER)
 
@@ -758,6 +759,7 @@ endif(LIBVNCSERVER_WITH_WEBSOCKETS AND WITH_LIBVNCSERVER)
 
 if(WITH_LIBVNCSERVER)
   add_test(NAME cargs COMMAND test_cargstest)
+  add_test(NAME password_list COMMAND test_password_list_test)
 endif(WITH_LIBVNCSERVER)
 if(UNIX)
   if(WITH_LIBVNCSERVER)
diff --git a/src/libvncserver/main.c b/src/libvncserver/main.c
index 3387d1666..4f04a19ee 100644
--- a/src/libvncserver/main.c
+++ b/src/libvncserver/main.c
@@ -791,7 +791,15 @@ static rfbCursorPtr rfbDefaultGetCursorPtr(rfbClientPtr cl)
 static rfbBool rfbDefaultPasswordCheck(rfbClientPtr cl,const char* response,int len)
 {
   int i;
-  char *passwd=rfbDecryptPasswdFromFile(cl->screen->authPasswdData);
+  char *passwd;
+
+  if(response == NULL || len != CHALLENGESIZE) {
+    rfbErr("authProcessClientMessage: invalid response length from %s\n",
+	   cl->host);
+    return(FALSE);
+  }
+
+  passwd=rfbDecryptPasswdFromFile(cl->screen->authPasswdData);
 
   if(!passwd) {
     rfbErr("Couldn't read password file: %s\n",cl->screen->authPasswdData);
@@ -823,6 +831,12 @@ rfbBool rfbCheckPasswordByList(rfbClientPtr cl,const char* response,int len)
   char **passwds;
   int i=0;
 
+  if(response == NULL || len != CHALLENGESIZE) {
+    rfbErr("authProcessClientMessage: invalid response length from %s\n",
+	   cl->host);
+    return(FALSE);
+  }
+
   for(passwds=(char**)cl->screen->authPasswdData;*passwds;passwds++,i++) {
     uint8_t auth_tmp[CHALLENGESIZE];
     memcpy((char *)auth_tmp, (char *)cl->authChallenge, CHALLENGESIZE);
diff --git a/test/password_list_test.c b/test/password_list_test.c
new file mode 100644
index 000000000..251ee5b32
--- /dev/null
+++ b/test/password_list_test.c
@@ -0,0 +1,30 @@
+#include <rfb/rfb.h>
+
+#include <string.h>
+
+int main(int argc, char **argv)
+{
+    rfbScreenInfoPtr screen;
+    rfbClientRec cl;
+    char response[CHALLENGESIZE + 1];
+    char *passwords[] = { (char *)"password", NULL };
+
+    screen = rfbGetScreen(&argc, argv, 4, 4, 8, 1, 1);
+    if(!screen)
+	return 1;
+
+    memset(&cl, 0, sizeof(cl));
+    memset(response, 'A', sizeof(response));
+
+    cl.screen = screen;
+    cl.host = (char *)"test";
+    screen->authPasswdData = passwords;
+
+    if(rfbCheckPasswordByList(&cl, response, sizeof(response)) != FALSE) {
+	rfbScreenCleanup(screen);
+	return 1;
+    }
+
+    rfbScreenCleanup(screen);
+    return 0;
+}