add length validation for Lock-Token to prevent underflow

[metsw24-max]

This change improves the handling of the Lock-Token request header in mod_dav by adding proper length validation before performing string indexing and trimming operations

The existing implementation processes the Lock-Token header without verifying that the string length is sufficient before

-Accessing lock_token_hdr[len - 1]
-Computing len - 2 for apr_pstrndup

[metsw24-max]

Ensure safe handling of Lock-Token headers by validating string length
before indexing and trimming operations. Prevents potential out-of-bounds
access and size underflow when processing malformed or empty inputs.

Guard access to [0] and [len - 1] with len > 0 checks
Ensure len >= 2 before trimming angle brackets
Reject malformed inputs ->example: <abc, abc>,etc
Apply consistent validation pattern across mod_dav and ms_wdv

This change improves robustness and establishes a safer parsing pattern
for similar header handling paths.

[notroj]

This mod_dav.c change doesn't compile, so it is not obvious that you are "improving robustness" here.

[metsw24-max]

@notroj I have fixed the compilation issue and pushed an updated patch

[notroj]

Seems like we now have a complex test duplicated across two places. How about making a single new function in dav/main/util.c which safely extracts the Lock-Token header, returns it stripped of <> via a char ** output pointer, and returns dav_error * for the error case

[metsw24-max]

@notroj
Refactored the duplicated Lock-Token parsing logic into a single helper function dav_parse_locktoken in util.c.

This centralizes validation, ensures safe length checks, and avoids out-of-bounds access. The function returns a dav_error * on failure and provides the stripped token via an output parameter.

Both mod_dav.c and ms_wdv.c have been updated to use this helper removing duplication and aligning behavior across modules.

[metsw24-max]

I have implemented the helper-based refactor for Lock-Token parsing as discussed

[notroj]

Thanks a lot for updating the PR, couple more bits of feedback here.

[notroj]

This is unnecessary, we don't generally do argument validation in httpd

[notroj]

Use apr_pstrememdup() here

[notroj]

For both the error paths I'd say just use "Malformed Lock-Token" since it's used to parse headers as well.

[metsw24-max]

-removed redundant validation
-switched to apr_pmemdup as suggested
-unified error handling to "Malformed Lock-Token"