From 32a66a8e93626df3e1fa9dcee0a6046033c4c692 Mon Sep 17 00:00:00 2001 From: Denis Vlasenko Date: Sat, 30 Jun 2007 15:06:45 +0000 Subject: [PATCH] wget: fix buffer overflow in HTTP auth --- networking/wget.c | 4 ++-- shell/Config.in | 4 ++++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/networking/wget.c b/networking/wget.c index 2c060d77d..c06a09d72 100644 --- a/networking/wget.c +++ b/networking/wget.c @@ -267,11 +267,11 @@ int wget_main(int argc, char **argv) #if ENABLE_FEATURE_WGET_AUTHENTICATION if (target.user) { fprintf(sfp, "Authorization: Basic %s\r\n", - base64enc((unsigned char*)target.user, buf, sizeof(buf))); + base64enc((unsigned char*)target.user, buf, strlen(target.user))); } if (use_proxy && server.user) { fprintf(sfp, "Proxy-Authorization: Basic %s\r\n", - base64enc((unsigned char*)server.user, buf, sizeof(buf))); + base64enc((unsigned char*)server.user, buf, strlen(server.user))); } #endif diff --git a/shell/Config.in b/shell/Config.in index 90479013e..0689b4ec2 100644 --- a/shell/Config.in +++ b/shell/Config.in @@ -179,6 +179,7 @@ config HUSH config HUSH_HELP bool "help builtin" default n + depends on HUSH help Enable help builtin in hush. Code size + ~1 kbyte. @@ -206,18 +207,21 @@ config HUSH_JOB config HUSH_TICK bool "Process substitution" default n + depends on HUSH help Enable process substitution `command` and $(command) in hush. config HUSH_IF bool "Support if/then/elif/else/fi" default n + depends on HUSH help Enable if/then/elif/else/fi in hush. config HUSH_LOOPS bool "Support for, while and until loops" default n + depends on HUSH help Enable for, while and until loops in hush. -- 2.25.1