diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c
index 80e3276..8d4315e 100644
--- a/modules/pam_unix/passverify.c
+++ b/modules/pam_unix/passverify.c
@@ -73,6 +73,11 @@ PAMH_ARG_DECL(int verify_pwd_hash,
 	int retval;
 	D(("called"));
 
+	if (p && strlen(p) > 512) {
+		D(("password max length exceeded"));
+		return PAM_AUTH_ERR;
+	}
+
 	strip_hpux_aging(hash);
 	hash_len = strlen(hash);
 	if (!hash_len) {