From 704208b766e390893e21fbb49aa3d03980787922 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>
Date: Thu, 13 Feb 2020 15:54:16 +0100
Subject: [PATCH] * src/http.c (basic_authentication_encode): Remove use of
 alloca

---
 src/http.c | 28 ++++++++++++++++++++++------
 1 file changed, 22 insertions(+), 6 deletions(-)

diff --git a/src/http.c b/src/http.c
index 70caf9d0..580d9d80 100644
--- a/src/http.c
+++ b/src/http.c
@@ -4970,16 +4970,32 @@ http_atotm (const char *time_string)
 static char *
 basic_authentication_encode (const char *user, const char *passwd)
 {
-  char *t1, *t2;
-  int len1 = strlen (user) + 1 + strlen (passwd);
+  char buf_t1[256], buf_t2[256];
+  char *t1, *t2, *ret;
+  size_t len1 = strlen (user) + 1 + strlen (passwd);
+
+  if (len1 < sizeof (buf_t1))
+    t1 = buf_t1;
+  else
+    t1 = xmalloc(len1 + 1);
+
+  if (BASE64_LENGTH (len1) < sizeof (buf_t2))
+    t2 = buf_t2;
+  else
+    t2 = xmalloc (BASE64_LENGTH (len1) + 1);
 
-  t1 = (char *)alloca (len1 + 1);
   sprintf (t1, "%s:%s", user, passwd);
-
-  t2 = (char *)alloca (BASE64_LENGTH (len1) + 1);
   wget_base64_encode (t1, len1, t2);
 
-  return concat_strings ("Basic ", t2, (char *) 0);
+  ret = concat_strings ("Basic ", t2, (char *) 0);
+
+  if (t2 != buf_t2)
+    xfree (t2);
+
+  if (t1 != buf_t1)
+    xfree (t1);
+
+  return ret;
 }
 
 #define SKIP_WS(x) do {                         \