diff --git a/ChangeLog.txt b/ChangeLog.txt
index becbb44a..86f809cf 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -1,3 +1,6 @@
+Broker:
+- Use constant time memcmp for password comparisons.
+
 1.4.14 - 20170710
 =================
 
diff --git a/lib/mosquitto.c b/lib/mosquitto.c
index be8e62e5..61ffdd87 100644
--- a/lib/mosquitto.c
+++ b/lib/mosquitto.c
@@ -971,9 +971,10 @@ int mosquitto_loop(struct mosquitto *mosq, int timeout, int max_packets)
 				/* Fake write possible, to stimulate output write even though
 				 * we didn't ask for it, because at that point the publish or
 				 * other command wasn't present. */
-				FD_SET(mosq->sock, &writefds);
+				if(mosq->sock != INVALID_SOCKET)
+					FD_SET(mosq->sock, &writefds);
 			}
-			if(FD_ISSET(mosq->sock, &writefds)){
+			if(mosq->sock != INVALID_SOCKET && FD_ISSET(mosq->sock, &writefds)){
 #ifdef WITH_TLS
 				if(mosq->want_connect){
 					rc = mosquitto__socket_connect_tls(mosq);
diff --git a/src/loop.c b/src/loop.c
index 3d068181..bf4876bc 100644
--- a/src/loop.c
+++ b/src/loop.c
@@ -21,6 +21,7 @@ Contributors:
 #include <assert.h>
 #ifndef WIN32
 #include <poll.h>
+#include <unistd.h>
 #else
 #include <process.h>
 #include <winsock2.h>
@@ -126,7 +127,7 @@ int mosquitto_main_loop(struct mosquitto_db *db, mosq_sock_t *listensock, int li
 #ifdef WIN32
 	pollfd_max = _getmaxstdio();
 #else
-	pollfd_max = getdtablesize();
+	pollfd_max = sysconf(_SC_OPEN_MAX);
 #endif
 
 	pollfds = _mosquitto_malloc(sizeof(struct pollfd)*pollfd_max);
diff --git a/src/security_default.c b/src/security_default.c
index 43cd3f0c..c4085828 100644
--- a/src/security_default.c
+++ b/src/security_default.c
@@ -33,6 +33,9 @@ static int _pw_digest(const char *password, const unsigned char *salt, unsigned
 static int _base64_decode(char *in, unsigned char **decoded, unsigned int *decoded_len);
 #endif
 
+static int mosquitto__memcmp_const(const void *ptr1, const void *b, size_t len);
+
+
 int mosquitto_security_init_default(struct mosquitto_db *db, bool reload)
 {
 	int rc;
@@ -650,6 +653,23 @@ static int _psk_file_parse(struct mosquitto_db *db)
 	return MOSQ_ERR_SUCCESS;
 }
 
+
+static int mosquitto__memcmp_const(const void *a, const void *b, size_t len)
+{
+	int i;
+	int rc = 0;
+
+	if(!a || !b) return 1;
+
+	for(i=0; i<len; i++){
+		if( ((char *)a)[i] != ((char *)b)[i] ){
+			rc = 1;
+		}
+	}
+	return rc;
+}
+
+
 int mosquitto_unpwd_check_default(struct mosquitto_db *db, const char *username, const char *password)
 {
 	struct _mosquitto_unpwd *u, *tmp;
@@ -670,7 +690,7 @@ int mosquitto_unpwd_check_default(struct mosquitto_db *db, const char *username,
 #ifdef WITH_TLS
 					rc = _pw_digest(password, u->salt, u->salt_len, hash, &hash_len);
 					if(rc == MOSQ_ERR_SUCCESS){
-						if(hash_len == u->password_len && !memcmp(u->password, hash, hash_len)){
+						if(hash_len == u->password_len && !mosquitto__memcmp_const(u->password, hash, hash_len)){
 							return MOSQ_ERR_SUCCESS;
 						}else{
 							return MOSQ_ERR_AUTH;