Index: support/passwd_common.c
===================================================================
--- a/support/passwd_common.c	(revision 1476673)
+++ b/support/passwd_common.c	(working copy)
@@ -113,17 +113,17 @@
 
 int get_password(struct passwd_ctx *ctx)
 {
+    char buf[MAX_STRING_LEN + 1];
     if (ctx->passwd_src == PW_STDIN) {
-        char *buf = ctx->out;
         apr_file_t *file_stdin;
         apr_size_t nread;
         if (apr_file_open_stdin(&file_stdin, ctx->pool) != APR_SUCCESS) {
             ctx->errstr = "Unable to read from stdin.";
             return ERR_GENERAL;
         }
-        if (apr_file_read_full(file_stdin, buf, ctx->out_len - 1,
+        if (apr_file_read_full(file_stdin, buf, sizeof(buf) - 1,
                                &nread) != APR_EOF
-            || nread == ctx->out_len - 1) {
+            || nread == sizeof(buf) - 1) {
             goto err_too_long;
         }
         buf[nread] = '\0';
@@ -133,21 +133,24 @@
                 buf[nread-2] = '\0';
         }
         apr_file_close(file_stdin);
+        ctx->passwd = apr_pstrdup(ctx->pool, buf);
     }
     else {
-        char buf[MAX_STRING_LEN + 1];
         apr_size_t bufsize = sizeof(buf);
-        if (apr_password_get("New password: ", ctx->out, &ctx->out_len) != 0)
+        if (apr_password_get("New password: ", buf, &bufsize) != 0)
             goto err_too_long;
+        ctx->passwd = apr_pstrdup(ctx->pool, buf);
+        bufsize = sizeof(buf);
+        buf[0] = '\0';
         apr_password_get("Re-type new password: ", buf, &bufsize);
-        if (strcmp(ctx->out, buf) != 0) {
+        if (strcmp(ctx->passwd, buf) != 0) {
             ctx->errstr = "password verification error";
-            memset(ctx->out, '\0', ctx->out_len);
+            memset(ctx->passwd, '\0', strlen(ctx->passwd));
             memset(buf, '\0', sizeof(buf));
             return ERR_PWMISMATCH;
         }
-        memset(buf, '\0', sizeof(buf));
     }
+    memset(buf, '\0', sizeof(buf));
     return 0;
 
 err_too_long:
@@ -164,7 +167,6 @@
 int mkhash(struct passwd_ctx *ctx)
 {
     char *pw;
-    char pwin[MAX_STRING_LEN];
     char salt[16];
     apr_status_t rv;
     int ret = 0;
@@ -177,14 +179,11 @@
                         "Warning: Ignoring -C argument for this algorithm." NL);
     }
 
-    if (ctx->passwd != NULL) {
-        pw = ctx->passwd;
-    }
-    else {
+    if (ctx->passwd == NULL) {
         if ((ret = get_password(ctx)) != 0)
             return ret;
-        pw = pwin;
     }
+    pw = ctx->passwd;
 
     switch (ctx->alg) {
     case ALG_APSHA:
@@ -224,7 +223,7 @@
 
         apr_cpystrn(ctx->out, cbuf, ctx->out_len - 1);
         if (strlen(pw) > 8) {
-            char *truncpw = strdup(pw);
+            char *truncpw = apr_pstrdup(ctx->pool, pw);
             truncpw[8] = '\0';
             if (!strcmp(ctx->out, crypt(truncpw, salt))) {
                 apr_file_printf(errfile, "Warning: Password truncated to 8 "
Index: support/htpasswd.c
===================================================================
--- a/support/htpasswd.c	(revision 1476673)
+++ b/support/htpasswd.c	(working copy)
@@ -253,7 +253,6 @@
 int main(int argc, const char * const argv[])
 {
     apr_file_t *fpw = NULL;
-    const char *errstr = NULL;
     char line[MAX_STRING_LEN];
     char *pwfilename = NULL;
     char *user = NULL;
@@ -345,7 +344,7 @@
     if (!(mask & APHTP_DELUSER)) {
         i = mkrecord(&ctx, user);
         if (i != 0) {
-            apr_file_printf(errfile, "%s: %s" NL, argv[0], errstr);
+            apr_file_printf(errfile, "%s: %s" NL, argv[0], ctx.errstr);
             exit(i);
         }
         if (mask & APHTP_NOFILE) {