diff --git a/CHANGES b/CHANGES
index 14411fddeaea230494d56363cc7a8ea8bfaabb9c..2fefc399f8aa13468f86d1d6b49bdc1eb82c9cc0 100644
--- a/CHANGES
+++ b/CHANGES
@@ -10,6 +10,7 @@ OpenLDAP 2.4.11 Engineering
 	Fixed slapo-ppolicy DNs with whitespaces (ITS#5552)
 	Fixed slapo-syncprov ACL evaluation (ITS#5548)
 	Fixed slapo-syncprov full reload (ITS#5564)
+	Fixed contrib smbk5pwd terminator (ITS#5575)
 	Build Environment
 		Fixed test048 to skip if threads is not available (ITS#5529)
 	Documentation
diff --git a/contrib/slapd-modules/smbk5pwd/smbk5pwd.c b/contrib/slapd-modules/smbk5pwd/smbk5pwd.c
index de8d758bdf9d2ea35e7f2fc9ad624667710f85db..32f2733f98669e9e7e61d68531af17f153fc5ab3 100644
--- a/contrib/slapd-modules/smbk5pwd/smbk5pwd.c
+++ b/contrib/slapd-modules/smbk5pwd/smbk5pwd.c
@@ -350,6 +350,7 @@ static int smbk5pwd_exop_passwd(
 	Modifications *ml;
 	slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
 	smbk5pwd_t *pi = on->on_bi.bi_private;
+	char term;
 
 	/* Not the operation we expected, pass it on... */
 	if ( ber_bvcmp( &slap_EXOP_MODIFY_PASSWD, &op->ore_reqoid ) ) {
@@ -360,6 +361,9 @@ static int smbk5pwd_exop_passwd(
 	rc = be_entry_get_rw( op, &op->o_req_ndn, NULL, NULL, 0, &e );
 	if ( rc != LDAP_SUCCESS ) return rc;
 
+	term = qpw->rs_new.bv_val[qpw->rs_new.bv_len];
+	qpw->rs_new.bv_val[qpw->rs_new.bv_len] = '\0';
+
 #ifdef DO_KRB5
 	/* Kerberos stuff */
 	do {
@@ -596,6 +600,7 @@ static int smbk5pwd_exop_passwd(
 	}
 #endif /* DO_SAMBA */
 	be_entry_release_r( op, e );
+	qpw->rs_new.bv_val[qpw->rs_new.bv_len] = term;
 
 	return SLAP_CB_CONTINUE;
 }