fix: buffer overflow in multipart body proc

[airween]

what

This PR fixes a possible heap buffer overflow in multipart body processor.

why

There is a bug report, received in email from @fumfel and his team. Also they provided this fix.

references

The original report:

Root Cause
----------

Bug A: The condition checks *(p+1) and *(p+2) for hex digits. When
*(p+1) is the last byte before the null terminator, the short-circuit
evaluation of the || chain does NOT prevent *(p+2) from being read.
The condition (!isxdigit(*(p+1))) is false when *(p+1) is a hex digit,
so evaluation continues to (!isxdigit(*(p+2))) which reads past the
allocation.

Bug B: After the while loop that scans a quoted value, the code
unconditionally does p++ to skip the closing quote. But if the string
ended without a closing quote (the loop exited on *p == '\0'), this
advances the pointer past the null terminator, causing subsequent
reads to access out-of-bounds memory.

other notes

After a review and a short discussion, @fumfel and his team confirmed that this issue can occur if the source code was built with ASAN flags.

[Copilot]

Pull request overview

Fixes a potential out-of-bounds read/heap buffer overflow in multipart Content-Disposition parsing, based on an external bug report.

Changes:

• Adds an explicit *(p+2) == '\0' guard before validating the second hex digit in filename* percent-escapes.
• Avoids incrementing p past the string terminator when a quoted parameter value is missing a closing quote.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[airween]

We can take a look at the mentioned issues later (eg. url-encoded quotes in filename), but this fix is important. Thank you to everyone.