From 9c8b7cd80118578abff858fa2006edb9173a272b Mon Sep 17 00:00:00 2001
From: Rainer Jung <rjung@apache.org>
Date: Thu, 15 Mar 2018 22:51:29 +0000
Subject: [PATCH] Merge 1781509 from trunk:

htpasswd: don't point to (unused) stack memory on output
to make static analysers happy.  PR 60634.

Submitted by: rjung
Reviewed by: rjung, ylavic, covener


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1826886 13f79535-47bb-0310-9956-ffa450edef68
---
 CHANGES            | 4 ++++
 STATUS             | 7 -------
 support/htpasswd.c | 9 +++++++--
 3 files changed, 11 insertions(+), 9 deletions(-)

diff --git a/CHANGES b/CHANGES
index f62ef5dfee..51bc9948bc 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,10 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.4.33
 
+  *) htpasswd: don't point to (unused) stack memory on output
+     to make static analysers happy.  PR 60634.
+     [Yann Ylavic, reported by shqking and Zhenwei Zou]
+
   *) ab: LibreSSL doesn't have or require Windows applink.c.  [Gregg L. Smith]
 
 Changes with Apache 2.4.32
diff --git a/STATUS b/STATUS
index eaaa95de3a..dc57864011 100644
--- a/STATUS
+++ b/STATUS
@@ -126,13 +126,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
      2.4.x patch: svn merge -c 1826686 ^/httpd/httpd/trunk .
      +1: jailletc36, ylavic, covener
 
-  *) htpasswd: don't point to (unused) stack memory on output
-     to make static analysers happy.  PR 60634.
-     trunk patch: http://svn.apache.org/r1781509
-     2.4.x patch: svn merge -c 1781509 ^/httpd/httpd/trunk .
-                  plus CHANGES
-     +1: rjung, ylavic, covener
-
   *) htpasswd: Don't fail in -v mode if password file is unwritable.
      PR 61631.
      This brings 2.4.x htpasswd in sync with trunk.
diff --git a/support/htpasswd.c b/support/htpasswd.c
index 93308d8e93..65a0b9c3bb 100644
--- a/support/htpasswd.c
+++ b/support/htpasswd.c
@@ -75,15 +75,20 @@ static int mkrecord(struct passwd_ctx *ctx, char *user)
 {
     char hash_str[MAX_STRING_LEN];
     int ret;
+
     ctx->out = hash_str;
     ctx->out_len = sizeof(hash_str);
 
     ret = mkhash(ctx);
-    if (ret)
+    if (ret) {
+        ctx->out = NULL;
+        ctx->out_len = 0;
         return ret;
+    }
 
     ctx->out = apr_pstrcat(ctx->pool, user, ":", hash_str, NL, NULL);
-    if (strlen(ctx->out) >= MAX_STRING_LEN) {
+    ctx->out_len = strlen(ctx->out);
+    if (ctx->out_len >= MAX_STRING_LEN) {
         ctx->errstr = "resultant record too long";
         return ERR_OVERFLOW;
     }
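Review bot: The `ERR_OVERFLOW` branch at the end of this hunk returns with `ctx->out` still pointing at the over-long record and `ctx->out_len` holding its length, while the new `mkhash()` failure branch clears both. Adding `ctx->out = NULL; ctx->out_len = 0;` before `return ERR_OVERFLOW;` would leave the context in the same state on both error paths, so a caller that does not check the return code cannot emit a record the function has just rejected. `ctx->out_len` also changes meaning inside this function, from buffer capacity before `mkhash()` to string length after `apr_pstrcat()`. A one-line comment such as `/* out_len: capacity on entry to mkhash(), record length afterwards */` would make that explicit. The body of `mkrecord` continues past the end of the hunk, so the success return is not visible here.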
-- 
2.40.0