diff --git a/libfreerdp-core/info.c b/libfreerdp-core/info.c
index 53b4c321e..a10999ba5 100644
--- a/libfreerdp-core/info.c
+++ b/libfreerdp-core/info.c
@@ -243,10 +243,10 @@ boolean rdp_read_client_auto_reconnect_cookie(STREAM* s, rdpSettings* settings)
 	if (stream_get_left(s) < 28)
 		return false;
 
-	stream_write_uint32(s, autoReconnectCookie->cbLen); /* cbLen (4 bytes) */
-	stream_write_uint32(s, autoReconnectCookie->version); /* version (4 bytes) */
-	stream_write_uint32(s, autoReconnectCookie->logonId); /* LogonId (4 bytes) */
-	stream_write(s, autoReconnectCookie->securityVerifier, 16); /* SecurityVerifier */
+	stream_read_uint32(s, autoReconnectCookie->cbLen); /* cbLen (4 bytes) */
+	stream_read_uint32(s, autoReconnectCookie->version); /* version (4 bytes) */
+	stream_read_uint32(s, autoReconnectCookie->logonId); /* LogonId (4 bytes) */
+	stream_read(s, autoReconnectCookie->securityVerifier, 16); /* SecurityVerifier */
 
 	return true;
 }
@@ -473,7 +473,6 @@ void rdp_write_info_packet(STREAM* s, rdpSettings* settings)
 	uint16 cbUserName;
 	uint8* password;
 	uint16 cbPassword;
-	size_t passwordLength;
 	uint8* alternateShell;
 	uint16 cbAlternateShell;
 	uint8* workingDir;
@@ -516,13 +515,12 @@ void rdp_write_info_packet(STREAM* s, rdpSettings* settings)
 	{
 		usedPasswordCookie = true;
 		password = (uint8*)settings->password_cookie->data;
-		passwordLength = settings->password_cookie->length;
-		cbPassword = passwordLength - 2;
+		cbPassword = settings->password_cookie->length - 2;	/* Strip double zero termination */
 	}
 	else
 	{
-		password = (uint8*)freerdp_uniconv_out(settings->uniconv, settings->password, &passwordLength);
-		cbPassword = passwordLength;
+		password = (uint8*)freerdp_uniconv_out(settings->uniconv, settings->password, &length);
+		cbPassword = length;
 	}
 
 	alternateShell = (uint8*)freerdp_uniconv_out(settings->uniconv, settings->shell, &length);
@@ -549,7 +547,7 @@ void rdp_write_info_packet(STREAM* s, rdpSettings* settings)
 	stream_write_uint16(s, 0);
 
 	if (cbPassword > 0)
-		stream_write(s, password, passwordLength);
+		stream_write(s, password, cbPassword);
 	stream_write_uint16(s, 0);
 
 	if (cbAlternateShell > 0)
diff --git a/libfreerdp-core/redirection.c b/libfreerdp-core/redirection.c
index 113c65a9e..6568084ae 100644
--- a/libfreerdp-core/redirection.c
+++ b/libfreerdp-core/redirection.c
@@ -105,7 +105,7 @@ boolean rdp_recv_server_redirection_pdu(rdpRdp* rdp, STREAM* s)
 	if (redirection->flags & LB_PASSWORD)
 	{
 		uint32 passwordLength;
-		stream_read_uint32(s, passwordLength);
+		stream_read_uint32(s, passwordLength);	/* Note: length (hopefully) includes double zero termination */
 		freerdp_blob_alloc(&redirection->password_cookie, passwordLength);
 		stream_read(s, redirection->password_cookie.data, passwordLength);