htpasswd: don't point to (unused) stack memory on output
to make static analysers happy. PR 60634.
Submitted by: rjung
Reviewed by: rjung, ylavic, covener
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1826886 13f79535-47bb-0310-9956-
ffa450edef68
-*- coding: utf-8 -*-
Changes with Apache 2.4.33
+ *) htpasswd: don't point to (unused) stack memory on output
+ to make static analysers happy. PR 60634.
+ [Yann Ylavic, reported by shqking and Zhenwei Zou]
+
*) ab: LibreSSL doesn't have or require Windows applink.c. [Gregg L. Smith]
Changes with Apache 2.4.32
2.4.x patch: svn merge -c 1826686 ^/httpd/httpd/trunk .
+1: jailletc36, ylavic, covener
- *) htpasswd: don't point to (unused) stack memory on output
- to make static analysers happy. PR 60634.
- trunk patch: http://svn.apache.org/r1781509
- 2.4.x patch: svn merge -c 1781509 ^/httpd/httpd/trunk .
- plus CHANGES
- +1: rjung, ylavic, covener
-
*) htpasswd: Don't fail in -v mode if password file is unwritable.
PR 61631.
This brings 2.4.x htpasswd in sync with trunk.
{
char hash_str[MAX_STRING_LEN];
int ret;
+
ctx->out = hash_str;
ctx->out_len = sizeof(hash_str);
ret = mkhash(ctx);
- if (ret)
+ if (ret) {
+ ctx->out = NULL;
+ ctx->out_len = 0;
return ret;
+ }
ctx->out = apr_pstrcat(ctx->pool, user, ":", hash_str, NL, NULL);
- if (strlen(ctx->out) >= MAX_STRING_LEN) {
+ ctx->out_len = strlen(ctx->out);
+ if (ctx->out_len >= MAX_STRING_LEN) {
ctx->errstr = "resultant record too long";
return ERR_OVERFLOW;
}
projects / apache / commitdiff