apps/netutils/ftpc: Fix some cornercases that could cause FTP to access past the end of valid data.

netutils/ftpc/ftpc_transfer.c

@@ -211,7 +211,7 @@ static int ftp_cmd_pasv(FAR struct ftpc_session_s *session,
   /* Skip over any leading stuff before important data begins */
 
   ptr = session->reply + 4;
-  while (!isdigit((int)*ptr))
+  while (*ptr != '\0' && !isdigit((int)*ptr))
     {
       ptr++;
     }

netutils/ftpc/ftpc_utils.c

@@ -86,6 +86,7 @@ int ftpc_nibble(char ch)
     {
       return (unsigned int)ch - 'a' + 10;
     }
+
   return ERROR;
 }
 
@@ -163,11 +164,11 @@ void ftpc_stripcrlf(FAR char *str)
       len = strlen(str);
       if (len > 0)
         {
-          ptr = str + len - 1;
+          for (ptr = str + len - 1;
-          while (*ptr == '\r' || *ptr == '\n')
+               len > 0 && (*ptr == '\r' || *ptr == '\n');
+               ptr--, len--;
             {
               *ptr = '\0';
-              ptr--;
             }
         }
     }
@@ -228,11 +229,13 @@ FAR char *ftpc_dequote(FAR const char *str)
           /* Search the string */
 
           ptr = allocstr;
-          while (*str)
+          while (*str != '\0')
             {
-              /* Check for a quoted hex value */
+              /* Check for a quoted hex value (make sure that there are
+               * least 3 characters remaining in the string.
+               */
 
-              if (str[0] == '%')
+              if (len > 2 && str[0] == '%')
                 {
                   /* Extract the hex value */
 
@@ -246,6 +249,7 @@ FAR char *ftpc_dequote(FAR const char *str)
 
                           *ptr++ = (char)(ms << 8 | ls);
                           str += 3;
+                          len -= 3;
                           continue;
                         }
                     }
@@ -254,6 +258,7 @@ FAR char *ftpc_dequote(FAR const char *str)
               /* Just transfer the character */
 
               *ptr++ = *str++;
+              len--;
             }
 
           /* NUL terminate */