diff -Naur apg-2.3.0b-orig/restrict.c apg-2.3.0b/restrict.c --- apg-2.3.0b-orig/restrict.c 2003-08-07 11:40:39.000000000 -0400 +++ apg-2.3.0b/restrict.c 2012-04-23 15:01:38.968745907 -0400 @@ -54,6 +54,10 @@ FILE *dct; char *string; char *tmp; + + if( pass == NULL) + return(-1); + if( (string = (char *) calloc(1,MAX_DICT_STRING_SIZE)) == NULL) return(-1); @@ -140,13 +144,17 @@ paranoid_bloom_check_pass (char * password, char *filter, USHORT s_len) { char * substring; - int len = strlen(password); /* string length */ + int len = 0; int c_substr_start_pos = 0; /* current start position */ int substr_len = 0; /* substring length (LEN-I >= substr_len >= 2) */ int k = 0; /* counter */ int c = 0; /* counter */ int ret = 0; if (s_len < 2) s_len = 2; + if(password == NULL) + return (-1); + + len = strlen(password); /* string length */ if (s_len > len) return (bloom_check_pass(password, filter)); #ifdef APG_DEBUG @@ -203,16 +211,19 @@ cracklib_check_pass(char *pw, char *dictpath) { char * msg; - msg = FascistCheck(pw,dictpath); - if (msg == NULL) return (0); - else + if( pw != NULL) { + msg = FascistCheck(pw,dictpath); + if (msg == NULL) return (0); + else + { #ifdef APG_DEBUG - fprintf(stdout,"cracklib_check_pass: password --> %s rejected (%s)\n", pw, msg); - fflush(stdout); + fprintf(stdout,"cracklib_check_pass: password --> %s rejected (%s)\n", pw, msg); + fflush(stdout); #endif - return (1); + } } + return (1); } #endif @@ -245,6 +256,9 @@ fflush (stdout); #endif /* APG_DEBUG */ +if(word == NULL) + return(0); + if ((cond & S_SS) > 0) for (i=0; i < 94; i++) if ((smbl[i].type & S_SS) > 0)
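Review bot: The `pass == NULL` guard in the first hunk returns -1, the same value as the `calloc` failure directly below it, so a caller cannot tell a missing password from an allocation failure. The NULL guard added to `paranoid_bloom_check_pass` in the second hunk also returns -1. A short contract comment above the function would record this, for example `/* returns -1 on error: NULL password or allocation failure */`. The function's signature and the rest of its body are outside the hunk, so how callers treat -1 should be confirmed against the full file.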
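Review bot: Only `password` is guarded in `paranoid_bloom_check_pass`; `filter` is still passed unchecked to `bloom_check_pass(password, filter)` on the `s_len > len` path. Whether `bloom_check_pass` tolerates a NULL filter is not visible in this diff. If it does not, the guard could read `if (password == NULL || filter == NULL) return (-1);`. The function body continues past the end of the hunk.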
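Review bot: Wrapping the body of `cracklib_check_pass` in `if( pw != NULL) { ... }` leaves an `else { }` block that is empty unless APG_DEBUG is defined, and the rejection path now falls through to a shared `return (1);`. A guard clause at the top, `if (pw == NULL) return (1);`, would match the early-return form used in the other three hunks and leave the original `FascistCheck` lines untouched. Either way a NULL `pw` is reported as rejected, which is the fail-closed result. `dictpath` still reaches `FascistCheck` unchecked; whether the linked cracklib accepts NULL there is not visible from this diff.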
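Review bot: The `word == NULL` guard in the last hunk returns 0, while the NULL guards added earlier in this patch return -1 or 1. If 0 means the word satisfies the filter here, as 0 means "not rejected" in `cracklib_check_pass`, then a NULL word is accepted rather than refused. The function's return statements are outside the hunk, so this needs checking against the full body. If 0 is the accept value, returning the function's reject value instead would make the guard fail closed, and a comment such as `/* NULL word is treated as failing the filter */` would record the choice.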