wget: fix buffer overflow in HTTP auth

2 files changed, 6 insertions, 2 deletions

diff --git a/networking/wget.c b/networking/wget.c
index 2c060d7..c06a09d 100644
--- a/networking/wget.c
+++ b/networking/wget.c
@@ -267,11 +267,11 @@ int wget_main(int argc, char **argv)
 #if ENABLE_FEATURE_WGET_AUTHENTICATION
 			if (target.user) {
 				fprintf(sfp, "Authorization: Basic %s\r\n",
-					base64enc((unsigned char*)target.user, buf, sizeof(buf)));
+					base64enc((unsigned char*)target.user, buf, strlen(target.user)));
 			}
 			if (use_proxy && server.user) {
 				fprintf(sfp, "Proxy-Authorization: Basic %s\r\n",
-					base64enc((unsigned char*)server.user, buf, sizeof(buf)));
+					base64enc((unsigned char*)server.user, buf, strlen(server.user)));
 			}
 #endif
 
diff --git a/shell/Config.in b/shell/Config.in
index 9047901..0689b4e 100644
--- a/shell/Config.in
+++ b/shell/Config.in
@@ -179,6 +179,7 @@ config HUSH
 config HUSH_HELP
 	bool "help builtin"
 	default n
+	depends on HUSH
 	help
 	  Enable help builtin in hush. Code size + ~1 kbyte.
 
@@ -206,18 +207,21 @@ config HUSH_JOB
 config HUSH_TICK
 	bool "Process substitution"
 	default n
+	depends on HUSH
 	help
 	  Enable process substitution `command` and $(command) in hush.
 
 config HUSH_IF
 	bool "Support if/then/elif/else/fi"
 	default n
+	depends on HUSH
 	help
 	  Enable if/then/elif/else/fi in hush.
 
 config HUSH_LOOPS
 	bool "Support for, while and until loops"
 	default n
+	depends on HUSH
 	help
 	  Enable for, while and until loops in hush.