diff --git a/ChangeLog b/ChangeLog
index 78a67e6b7..8387604d1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,11 @@
 20050726
  - (dtucker) [configure.ac] Update zlib warning message too, pointed out by
    tim@.
+ - (djm) OpenBSD CVS Sync
+   - otto@cvs.openbsd.org 2005/07/19 15:32:26
+     [auth-passwd.c]
+     auth_usercheck(3) can return NULL, so check for that. Report from
+     mpech@. ok markus@
 
 20050725
  - (dtucker) [configure.ac] Update zlib version check for CAN-2005-2096.
@@ -2865,4 +2870,4 @@
    - (djm) Trim deprecated options from INSTALL. Mention UsePAM
    - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
 
-$Id: ChangeLog,v 1.3855 2005/07/26 02:00:42 dtucker Exp $
+$Id: ChangeLog,v 1.3856 2005/07/26 11:54:11 djm Exp $
diff --git a/auth-passwd.c b/auth-passwd.c
index 654e0b821..6e6d0d76a 100644
--- a/auth-passwd.c
+++ b/auth-passwd.c
@@ -36,7 +36,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-passwd.c,v 1.33 2005/01/24 11:47:13 dtucker Exp $");
+RCSID("$OpenBSD: auth-passwd.c,v 1.34 2005/07/19 15:32:26 otto Exp $");
 
 #include "packet.h"
 #include "buffer.h"
@@ -163,6 +163,8 @@ sys_auth_passwd(Authctxt *authctxt, const char *password)
 
 	as = auth_usercheck(pw->pw_name, authctxt->style, "auth-ssh",
 	    (char *)password);
+	if (as == NULL)
+		return (0);
 	if (auth_getstate(as) & AUTH_PWEXPIRED) {
 		auth_close(as);
 		disable_forwarding();