wget: fix buffer overflow in HTTP auth

diff --git a/networking/wget.c b/networking/wget.c
index 2c060d77d5f170aaed829c1c1ac176d128dfab62..c06a09d729bf076ecaf67f8e0c9c385118a94040 100644 (file)
--- a/networking/wget.c
+++ b/networking/wget.c
@@ -267,11 +267,11 @@ int wget_main(int argc, char **argv)
 #if ENABLE_FEATURE_WGET_AUTHENTICATION
                        if (target.user) {
                                fprintf(sfp, "Authorization: Basic %s\r\n",
-                                       base64enc((unsigned char*)target.user, buf, sizeof(buf)));
+                                       base64enc((unsigned char*)target.user, buf, strlen(target.user)));
                        }
                        if (use_proxy && server.user) {
                                fprintf(sfp, "Proxy-Authorization: Basic %s\r\n",
-                                       base64enc((unsigned char*)server.user, buf, sizeof(buf)));
+                                       base64enc((unsigned char*)server.user, buf, strlen(server.user)));
                        }
 #endif
 

diff --git a/shell/Config.in b/shell/Config.in
index 90479013eb32ff6044109ded967d55ce0624c9ef..0689b4ec274dc277c0f1211752ab88e34e7b43ca 100644 (file)
--- a/shell/Config.in
+++ b/shell/Config.in
@@ -179,6 +179,7 @@ config HUSH
 config HUSH_HELP
        bool "help builtin"
        default n
+       depends on HUSH
        help
          Enable help builtin in hush. Code size + ~1 kbyte.
 
@@ -206,18 +207,21 @@ config HUSH_JOB
 config HUSH_TICK
        bool "Process substitution"
        default n
+       depends on HUSH
        help
          Enable process substitution `command` and $(command) in hush.
 
 config HUSH_IF
        bool "Support if/then/elif/else/fi"
        default n
+       depends on HUSH
        help
          Enable if/then/elif/else/fi in hush.
 
 config HUSH_LOOPS
        bool "Support for, while and until loops"
        default n
+       depends on HUSH
        help
          Enable for, while and until loops in hush.