htpasswd: don't point to (unused) stack memory on output

to make static analysers happy.  PR 60634.

Reported by shqking and Zhenwei Zou.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1781509 13f79535-47bb-0310-9956-ffa450edef68

1 files changed, 7 insertions, 2 deletions

diff --git a/support/htpasswd.c b/support/htpasswd.c
index 11023499a4..e627f8b9bf 100644
--- a/support/htpasswd.c
+++ b/support/htpasswd.c
@@ -75,15 +75,20 @@ static int mkrecord(struct passwd_ctx *ctx, char *user)
 {
     char hash_str[MAX_STRING_LEN];
     int ret;
+
     ctx->out = hash_str;
     ctx->out_len = sizeof(hash_str);
 
     ret = mkhash(ctx);
-    if (ret)
+    if (ret) {
+        ctx->out = NULL;
+        ctx->out_len = 0;
         return ret;
+    }
 
     ctx->out = apr_pstrcat(ctx->pool, user, ":", hash_str, NL, NULL);
-    if (strlen(ctx->out) >= MAX_STRING_LEN) {
+    ctx->out_len = strlen(ctx->out);
+    if (ctx->out_len >= MAX_STRING_LEN) {
         ctx->errstr = "resultant record too long";
         return ERR_OVERFLOW;
     }