diff --git a/src/interfaces/libpq/fe-auth-scram.c b/src/interfaces/libpq/fe-auth-scram.c
index fbb44b3f85..d2e355a8b8 100644
--- a/src/interfaces/libpq/fe-auth-scram.c
+++ b/src/interfaces/libpq/fe-auth-scram.c
@@ -430,7 +430,8 @@ read_server_first_message(fe_scram_state *state, char *input,
 }
 
 /* Verify immediately that the server used our part of the nonce */
- if (strncmp(nonce, state->client_nonce, strlen(state->client_nonce)) != 0)
+ if (strlen(nonce) < strlen(state->client_nonce) ||
+ memcmp(nonce, state->client_nonce, strlen(state->client_nonce)) != 0)
 {
 printfPQExpBuffer(errormessage,
 libpq_gettext("invalid SCRAM response (nonce mismatch)\n"));
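Review bot: The new guard on the `+` lines still accepts a server nonce that is byte-for-byte the client nonce, because `strlen(nonce) < strlen(state->client_nonce)` only rejects a shorter one; RFC 5802 has the server append its own random part, so `strlen(nonce) <= strlen(state->client_nonce)` would require that the server actually contributed something, though an empty server part mainly weakens the server's own replay protection and tolerating it may be deliberate. `strlen(state->client_nonce)` is also evaluated twice inside one condition; a local such as `size_t client_nonce_len = strlen(state->client_nonce);` declared before the `if` reads more clearly and lets the length check and the `memcmp` share it. A short comment would help a later reader see why a plain `memcmp` is acceptable here, e.g. `/* The client nonce is public (sent in the clear in client-first), so a non-constant-time compare leaks nothing. */`. This assumes `nonce` was already checked non-NULL above the hunk; read_server_first_message begins before and continues after the visible lines.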