diff --git a/lib/pingpong.c b/lib/pingpong.c
index ae3f7faa30..b40d968b3f 100644
--- a/lib/pingpong.c
+++ b/lib/pingpong.c
@@ -292,6 +292,13 @@ CURLcode Curl_pp_readresp(struct Curl_easy *data,
the line is not really terminated until the LF comes */
size_t length = nl - line + 1;
+ if(memchr(line, 0, length)) {
+ /* The response line is passed on as a "header" below, so reject an
+ embedded nul the same way verify_header() does for HTTP. */
+ failf(data, "Nul byte in server response line");
+ return CURLE_WEIRD_SERVER_REPLY;
+ }
+
/* output debug output if that is requested */
Curl_debug(data, CURLINFO_HEADER_IN, line, length);
diff --git a/tests/data/Makefile.am b/tests/data/Makefile.am
index 705b8be4cd..6e8eca22bd 100644
--- a/tests/data/Makefile.am
+++ b/tests/data/Makefile.am
@@ -254,6 +254,7 @@ test2072 test2073 test2074 test2075 test2076 test2077 test2078 test2079 \
test2080 test2081 test2082 test2083 test2084 test2085 test2086 test2087 \
test2088 test2089 test2090 test2091 test2092 \
test2100 test2101 test2102 test2103 test2104 test2105 test2106 test2107 \
+test2108 \
\
test2200 test2201 test2202 test2203 test2204 test2205 test2206 test2207 \
test2208 \
diff --git a/tests/data/test1282 b/tests/data/test1282
index 06cf5170ed..774f54cffa 100644
--- a/tests/data/test1282
+++ b/tests/data/test1282
@@ -10,7 +10,7 @@ RETR
# Server-side
-REPLY PASS 633 XXXXXXXX\x00\x00XXXXXXXX
+REPLY PASS 633 XXXXXXXXXXXXXXXX
diff --git a/tests/data/test2108 b/tests/data/test2108
new file mode 100644
index 0000000000..481d09357e
--- /dev/null
+++ b/tests/data/test2108
@@ -0,0 +1,41 @@
+
+
+
+
+FTP
+
+
+# Server-side
+
+
+REPLY PASS 230 logged\x00 in
+
+
+
+# Client-side
+
+
+ftp
+
+
+FTP rejects a nul byte in a server response line
+
+
+ftp://%HOSTIP:%FTPPORT/%TESTNUMBER
+
+
+
+
+# Verify data after the test has been "shot"
+
+
+USER anonymous
+PASS ftp@example.com
+
+
+# 8 == CURLE_WEIRD_SERVER_REPLY
+
+8
+
+
+