A remote denial of service vulnerability in check_client_passwd() has
been discovered. The issue is triggered if a password packet appears
before the startup packet. In such case a null pointer is dereferenced
that is leading to application crash.