--- pam_pgsql.c.orig	2006-03-03 12:36:59.000000000 +0100
+++ pam_pgsql.c	2006-03-03 12:39:14.000000000 +0100
@@ -390,15 +390,19 @@
                     mhash(handle, pass, strlen(pass));
                     hash = mhash_end(handle);
 
-                    buf_size = (mhash_get_block_size(MHASH_MD5) * 2)+1;
-                    buf = (char *)malloc(buf_size);
-                    bzero(buf, buf_size);
-
-                    for(i = 0; i < mhash_get_block_size(MHASH_MD5); i++) {
-                        /* should be safe */
-                        sprintf(&buf[i * 2], "%.2x", hash[i]);
-                    }
-                    s = buf;
+                    if (hash != NULL) 
+                    {
+			buf_size = (mhash_get_block_size(MHASH_MD5) * 2)+1;
+                    	buf = (char *)malloc(buf_size);
+                    	bzero(buf, buf_size);
+
+                    	for(i = 0; i < mhash_get_block_size(MHASH_MD5); i++) {
+                            /* should be safe */
+	                    sprintf(&buf[i * 2], "%.2x", hash[i]);
+        	        }
+			free(hash);
+                	s = buf;
+		    }	
                 }
             }
             break;