wget: stack buffer overflow risk in [redacted:auth-header] via sprintf+alloca

In src/http.c, wget's redacted:auth-header builds [REDACTED] into a stack buffer created by alloca() and then formats into it with sprintf() without any bound check. If attacker-controlled strings can reach [REDACTED] with sufficient length, sprintf can overflow the allocated stack buffer, leading to memory corruption.