Merge 1781509 from trunk: (68568174) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP Apache Httpd

CHANGES

+4 −0

Original line number	Diff line number	Diff line
		-- coding: utf-8 --
		Changes with Apache 2.4.33

		*) htpasswd: don't point to (unused) stack memory on output
		to make static analysers happy. PR 60634.
		[Yann Ylavic, reported by shqking and Zhenwei Zou]

		*) ab: LibreSSL doesn't have or require Windows applink.c. [Gregg L. Smith]

		Changes with Apache 2.4.32

+0 −7

Original line number	Diff line number	Diff line
		@@ -126,13 +126,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
		2.4.x patch: svn merge -c 1826686 ^/httpd/httpd/trunk .
		+1: jailletc36, ylavic, covener

		*) htpasswd: don't point to (unused) stack memory on output
		to make static analysers happy. PR 60634.
		trunk patch: http://svn.apache.org/r1781509
		2.4.x patch: svn merge -c 1781509 ^/httpd/httpd/trunk .
		plus CHANGES
		+1: rjung, ylavic, covener

		*) htpasswd: Don't fail in -v mode if password file is unwritable.
		PR 61631.
		This brings 2.4.x htpasswd in sync with trunk.

+7 −2

Original line number	Diff line number	Diff line
		@@ -75,15 +75,20 @@ static int mkrecord(struct passwd_ctx ctx, char user)
		{
		char hash_str[MAX_STRING_LEN];
		int ret;

		ctx->out = hash_str;
		ctx->out_len = sizeof(hash_str);

		ret = mkhash(ctx);
		if (ret)
		if (ret) {
		ctx->out = NULL;
		ctx->out_len = 0;
		return ret;
		}

		ctx->out = apr_pstrcat(ctx->pool, user, ":", hash_str, NL, NULL);
		if (strlen(ctx->out) >= MAX_STRING_LEN) {
		ctx->out_len = strlen(ctx->out);
		if (ctx->out_len >= MAX_STRING_LEN) {
		ctx->errstr = "resultant record too long";
		return ERR_OVERFLOW;
		}