svn commit: branches/busybox_1_6_stable: networking shell

[vda at busybox.net]

Author: vda
Date: 2007-06-30 08:06:45 -0700 (Sat, 30 Jun 2007)
New Revision: 18976

Log:
wget: fix buffer overflow in HTTP auth



Modified:
   branches/busybox_1_6_stable/networking/wget.c
   branches/busybox_1_6_stable/shell/Config.in


Changeset:
Modified: branches/busybox_1_6_stable/networking/wget.c
===================================================================
--- branches/busybox_1_6_stable/networking/wget.c	2007-06-30 14:47:41 UTC (rev 18975)
+++ branches/busybox_1_6_stable/networking/wget.c	2007-06-30 15:06:45 UTC (rev 18976)
@@ -267,11 +267,11 @@
 #if ENABLE_FEATURE_WGET_AUTHENTICATION
 			if (target.user) {
 				fprintf(sfp, "Authorization: Basic %s\r\n",
-					base64enc((unsigned char*)target.user, buf, sizeof(buf)));
+					base64enc((unsigned char*)target.user, buf, strlen(target.user)));
 			}
 			if (use_proxy && server.user) {
 				fprintf(sfp, "Proxy-Authorization: Basic %s\r\n",
-					base64enc((unsigned char*)server.user, buf, sizeof(buf)));
+					base64enc((unsigned char*)server.user, buf, strlen(server.user)));
 			}
 #endif
 

Modified: branches/busybox_1_6_stable/shell/Config.in
===================================================================
--- branches/busybox_1_6_stable/shell/Config.in	2007-06-30 14:47:41 UTC (rev 18975)
+++ branches/busybox_1_6_stable/shell/Config.in	2007-06-30 15:06:45 UTC (rev 18976)
@@ -179,6 +179,7 @@
 config HUSH_HELP
 	bool "help builtin"
 	default n
+	depends on HUSH
 	help
 	  Enable help builtin in hush. Code size + ~1 kbyte.
 
@@ -206,18 +207,21 @@
 config HUSH_TICK
 	bool "Process substitution"
 	default n
+	depends on HUSH
 	help
 	  Enable process substitution `command` and $(command) in hush.
 
 config HUSH_IF
 	bool "Support if/then/elif/else/fi"
 	default n
+	depends on HUSH
 	help
 	  Enable if/then/elif/else/fi in hush.
 
 config HUSH_LOOPS
 	bool "Support for, while and until loops"
 	default n
+	depends on HUSH
 	help
 	  Enable for, while and until loops in hush.