diff --git a/src/lib/libc/crypt/cryptutil.c b/src/lib/libc/crypt/cryptutil.c
index cadc67af..ca8be8fa 100644
--- a/src/lib/libc/crypt/cryptutil.c
+++ b/src/lib/libc/crypt/cryptutil.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cryptutil.c,v 1.4 2014/11/21 12:32:38 schwarze Exp $ */
+/* $OpenBSD: cryptutil.c,v 1.5 2014/11/24 21:36:35 tedu Exp $ */
 /*
 * Copyright (c) 2014 Ted Unangst
 *
@@ -45,7 +45,7 @@ crypt_checkpass(const char *pass, const char *goodhash)
 /* have to do it the hard way */
 res = crypt(pass, goodhash);
- if (strlen(res) != strlen(goodhash) ||
+ if (res == NULL || strlen(res) != strlen(goodhash) ||
 timingsafe_bcmp(res, goodhash, strlen(goodhash)) != 0) {
 goto fail;
 }
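Review bot: The new `res == NULL` test in crypt_checkpass has no comment saying why crypt() can return NULL here or that the case is deliberately handled as a mismatch; something like `/* crypt() returns NULL on error, e.g. a hash format it does not support; fail closed */` above the `if` would record that. Because the NULL case shares `goto fail` with an ordinary wrong password, a caller cannot tell a malformed or unsupported stored hash from a bad password. That is the right fail-closed outcome for authentication, but whether the condition is reported anywhere depends on the `fail:` label, which is outside the hunk. As a style point, `strlen(goodhash)` is evaluated twice in the condition and could be taken once into a local. The function body begins and ends outside the hunk.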