Fix buffer over-read in wolfSSH_DoModes terminal mode parsing

The while loop condition only checked that the opcode byte was in bounds
(idx < modesSz) but not the 4-byte argument read by ato32(). When
modesSz had a remainder of 1 mod 5 and the trailing byte was a valid
opcode (1-159) rather than TTY_OP_END, ato32() would read 4 bytes past
the buffer. Change the loop guard to require a full TERMINAL_MODE_SZ
bytes remaining before entering the loop body.

Author: LinuxJedi

src/internal.c

@@ -8944,7 +8944,7 @@ int wolfSSH_DoModes(const byte* modes, word32 modesSz, int fd)
 
     tcgetattr(fd, &term);
 
-    while (idx < modesSz && modes[idx] != WOLFSSH_TTY_OP_END
+    while (idx + TERMINAL_MODE_SZ <= modesSz && modes[idx] != WOLFSSH_TTY_OP_END
             && modes[idx] < WOLFSSH_TTY_INVALID) {
 
         ato32(modes + idx + 1, &arg);