diff --git a/wpa_supplicant/wpa_passphrase.c b/wpa_supplicant/wpa_passphrase.c
index 9b568f0f7..adca1cce1 100644
--- a/wpa_supplicant/wpa_passphrase.c
+++ b/wpa_supplicant/wpa_passphrase.c
@@ -17,6 +17,7 @@ int main(int argc, char *argv[])
 	unsigned char psk[32];
 	int i;
 	char *ssid, *passphrase, buf[64], *pos;
+	size_t len;
 
 	if (argc < 2) {
 		printf("usage: wpa_passphrase <ssid> [passphrase]\n"
@@ -47,10 +48,15 @@ int main(int argc, char *argv[])
 		passphrase = buf;
 	}
 
-	if (os_strlen(passphrase) < 8 || os_strlen(passphrase) > 63) {
+	len = os_strlen(passphrase);
+	if (len < 8 || len > 63) {
 		printf("Passphrase must be 8..63 characters\n");
 		return 1;
 	}
+	if (has_ctrl_char((u8 *) passphrase, len)) {
+		printf("Invalid passphrase character\n");
+		return 1;
+	}
 
 	pbkdf2_sha1(passphrase, (u8 *) ssid, os_strlen(ssid), 4096, psk, 32);