[Toybox] [PATCH] wget: do not append toybox version at runtime

Ariadne Conill ariadne at dereferenced.org
Sat Jul 4 23:19:31 PDT 2020


The sprintf() call, while technically valid (17 bytes fits in an 18
byte allocation) trips Alpine fortify-headers due to checking for
allocations that could potentially overrun.

The call is pointless anyway -- as we are appending a constant to
another constant, it is better to just let the compiler do so and
calculate the size.  This is supported by ISO C89 and later, and
thus any compiler that would be used to compile toybox.

Signed-off-by: Ariadne Conill <ariadne at dereferenced.org>
---
 toys/pending/wget.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/toys/pending/wget.c b/toys/pending/wget.c
index 21d44466..75fad3f4 100644
--- a/toys/pending/wget.c
+++ b/toys/pending/wget.c
@@ -135,7 +135,7 @@ void wget_main(void)
   FILE *fp;
   ssize_t len, body_len;
   char *body, *result, *rc, *r_str, *redir_loc = 0;
-  char ua[18] = "toybox wget",  hostname[1024], port[6], path[1024];
+  char ua[] = "toybox wget/" TOYBOX_VERSION, hostname[1024], port[6], path[1024];
 
   // TODO extract filename to be saved from URL
   if (!(toys.optflags & FLAG_O)) help_exit("no filename");
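Review bot: the initializer "toybox wget/" TOYBOX_VERSION on the new ua line only compiles while TOYBOX_VERSION expands to a string literal, whereas the sprintf() it replaces accepted any char pointer. The failure would be at build time, so it is safe, but a short comment on this line (or next to the macro's definition) saying the macro must stay a literal would save the next person a confusing compiler error.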
@@ -144,7 +144,6 @@ void wget_main(void)
   if(!toys.optargs[0]) help_exit("no URL");
   get_info(toys.optargs[0], hostname, port, path);
 
-  sprintf(ua+11, "/%s", TOYBOX_VERSION);
   for (;; redirects--) {
     sock = conn_svr(hostname, port);
     // compose HTTP request
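Review bot: the commit message undersells the removal of sprintf(ua+11, "/%s", TOYBOX_VERSION). That call wrote without a bound at a hard-coded offset into ua[18], which leaves room for "/", a version of at most 5 characters, and the terminating NUL, so any longer version string would have overrun the buffer. Consider saying in the message that this removes a latent overflow, not only the fortify-headers trap.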
-- 
2.27.0


