wget http [REDACTED] uses sprintf into fixed 256-byte stack buffers

In src/http.c, [REDACTED] builds the USER:PASSWORD string into a fixed 256-byte stack buffer when strlen(user)+1+strlen(passwd) < sizeof(buf). It then calls sprintf(t1, "%s:%s", user, passwd) without ensuring the destination size can hold the resulting USER:PASSWORD string plus NUL. Because sprintf writes the full concatenation including ':' and terminating NUL, the existing condition can allow writing past 256 bytes, leading to stack buffer overflow when inputs are crafted near the boundary.