Fix Content-Length buffer overflow and add regression tests

[Phlegmelm]

Summary

Stack buffer overflow in Decoder::reassemble() — the Content-Length
header value was copied into a fixed-size stack buffer with no length
check, allowing attacker-controlled input to overflow the buffer pre-auth.

Reported via GHSA-rh3p-qxp2-vx3f.

Root cause

contrib/sip_proxy/filters/network/source/decoder.cc passed an
attacker-controlled length directly to copyOut() without bounds checking:

char len[10]{};
remaining_data.copyOut(offset, value_len, len); // value_len unchecked

Changes

• Restored content_length_end == -1 guard to prevent length underflow
• Added value_len <= 0 guard to reject malformed empty/zero-span headers
• Clamped copy to min(value_len, sizeof(len) - 1) — copyOut can no
  longer write past the buffer
• Replaced std::atoi with absl::SimpleAtoi into uint32_t — rejects
  negative, non-numeric, and out-of-range values
• Added Bazel dep @abseil-cpp//absl/strings to decoder_lib
• Added regression tests: DecodeOverlongContentLengthDoesNotOverflow,
  DecodeNegativeContentLengthIsRejected

Testing

Not compiled on Windows — verified by review and against the buffer API
contract. Linux build target:
//contrib/sip_proxy/filters/network/test:decoder_test

[repokitteh-read-only]

Hi @Phlegmelm, welcome and thank you for your contribution.

We will try to review your Pull Request as quickly as possible.

In the meantime, please take a look at the contribution guidelines if you have not done so already.

🐱

Caused by: #45371 was opened by Phlegmelm.

see: more, trace.

[yanavlasov]

Thanks. Just a small suggestion to use string_view instead of copying data.

/wait

[yanavlasov]

Creating absl::string_view into the content, instead of copying may be better. It will also avoid constructing absl::string_view later on.