Fix userspace fastboot with fuzzy test

Add more checking for fastboot to detect malformed
requests.
Such as checking no control characters in the command
send from host.
Make sure the download command length is eight bytes.
And report FAIL if download length is zero.

Test: adb reboot fastboot
      fuzzy_fastboot --gtest_filter=Fuzz.DownloadInvalid1
      fuzzy_fastboot --gtest_filter=Fuzz.DownloadInvalid2
      fuzzy_fastboot --gtest_filter=Fuzz.DownloadInvalid7
      fuzzy_fastboot --gtest_filter=Fuzz.DownloadInvalid8
Bug: 212628476
Change-Id: I750174205377395b5328923fb00462d078f3310d

fastboot/device/commands.cpp

@@ -268,10 +268,18 @@ bool DownloadHandler(FastbootDevice* device, const std::vector<std::string>& arg
     }
 
     // arg[0] is the command name, arg[1] contains size of data to be downloaded
+    // which should always be 8 bytes
+    if (args[1].length() != 8) {
+        return device->WriteStatus(FastbootResult::FAIL,
+                                   "Invalid size (length of size != 8)");
+    }
     unsigned int size;
     if (!android::base::ParseUint("0x" + args[1], &size, kMaxDownloadSizeDefault)) {
         return device->WriteStatus(FastbootResult::FAIL, "Invalid size");
     }
+    if (size == 0) {
+        return device->WriteStatus(FastbootResult::FAIL, "Invalid size (0)");
+    }
     device->download_data().resize(size);
     if (!device->WriteStatus(FastbootResult::DATA, android::base::StringPrintf("%08x", size))) {
         return false;

fastboot/device/fastboot_device.cpp

@@ -186,6 +186,11 @@ void FastbootDevice::ExecuteCommands() {
             PLOG(ERROR) << "Couldn't read command";
             return;
         }
+        if (std::count_if(command, command + bytes_read, iscntrl) != 0) {
+            WriteStatus(FastbootResult::FAIL,
+                        "Command contains control character");
+            continue;
+        }
         command[bytes_read] = '\0';
 
         LOG(INFO) << "Fastboot command: " << command;