diff --git a/dlls/ntdll/file.c b/dlls/ntdll/file.c
index 29295906f01..3d7c3ebad58 100644
--- a/dlls/ntdll/file.c
+++ b/dlls/ntdll/file.c
@@ -2213,6 +2213,10 @@ NTSTATUS WINAPI NtCreateMailslotFile(PHANDLE pHandle, ULONG DesiredAccess,
 
     if (!pHandle) return STATUS_ACCESS_VIOLATION;
 
+    if (!attr) return STATUS_INVALID_PARAMETER;
+
+    if (!attr->ObjectName) return STATUS_OBJECT_PATH_SYNTAX_BAD;
+
     if (attr->ObjectName->Length < sizeof(leadin) ||
         strncmpiW( attr->ObjectName->Buffer, 
                    leadin, sizeof(leadin)/sizeof(leadin[0]) ))
diff --git a/dlls/ntdll/tests/file.c b/dlls/ntdll/tests/file.c
index f3a3867c550..ee49b93a2bb 100644
--- a/dlls/ntdll/tests/file.c
+++ b/dlls/ntdll/tests/file.c
@@ -80,9 +80,41 @@ static void nt_mailslot_test(void)
 
     if  ( rc == STATUS_SUCCESS ) rc = pNtClose(hslot);
 
+    /*
+     * Test that the length field is checked properly
+     */
+    attr.Length = 0;
+    rc = pNtCreateMailslotFile(&hslot, DesiredAccess,
+         &attr, &IoStatusBlock, CreateOptions, MailslotQuota, MaxMessageSize,
+         &TimeOut);
+    todo_wine ok( rc == STATUS_INVALID_PARAMETER, "rc = %x not c000000d STATUS_INVALID_PARAMETER\n", rc);
+
+    if  (rc == STATUS_SUCCESS) pNtClose(hslot);
+
+    attr.Length = sizeof(OBJECT_ATTRIBUTES)+1;
+    rc = pNtCreateMailslotFile(&hslot, DesiredAccess,
+         &attr, &IoStatusBlock, CreateOptions, MailslotQuota, MaxMessageSize,
+         &TimeOut);
+    todo_wine ok( rc == STATUS_INVALID_PARAMETER, "rc = %x not c000000d STATUS_INVALID_PARAMETER\n", rc);
+
+    if  (rc == STATUS_SUCCESS) pNtClose(hslot);
+
+    /*
+     * Test handling of a NULL unicode string in ObjectName
+     */
+    InitializeObjectAttributes(&attr, &str, OBJ_CASE_INSENSITIVE, 0, NULL);
+    attr.ObjectName = NULL;
+    rc = pNtCreateMailslotFile(&hslot, DesiredAccess,
+         &attr, &IoStatusBlock, CreateOptions, MailslotQuota, MaxMessageSize,
+         &TimeOut);
+    ok( rc == STATUS_OBJECT_PATH_SYNTAX_BAD, "rc = %x not c000003b STATUS_OBJECT_PATH_SYNTAX_BAD\n", rc);
+
+    if  (rc == STATUS_SUCCESS) pNtClose(hslot);
+
     /*
      * Test a valid call
      */
+    InitializeObjectAttributes(&attr, &str, OBJ_CASE_INSENSITIVE, 0, NULL);
     rc = pNtCreateMailslotFile(&hslot, DesiredAccess,
          &attr, &IoStatusBlock, CreateOptions, MailslotQuota, MaxMessageSize,
          &TimeOut);