https://oss-fuzz.com/testcase-detail/4684696683872256
SIGSEGV in `Poco::Net::NTLMCredentials::parseChallengeMessage`:
==396==ERROR: AddressSanitizer: SEGV on unknown address 0x5031000005bf (pc 0x56ed2f794288 bp 0x7ffdf9df2810 sp 0x7ffdf9df27c0 T0)
==396==The signal is caused by a READ memory access.
#0 0x56ed2f794288 in void std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>::__assign_trivial[abi:ne180100]<unsigned char const*, unsigned char const*>(unsigned char const*, unsigned char const*, unsigned long) /usr/local/include/c++/v1/string:2662:31
#1 0x56ed2f794288 in std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>& std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>::assign<unsigned char const*, 0>(unsigned char const*, unsigned char const*) /usr/local/include/c++/v1/string:2631:5
#2 0x56ed2f793ab8 in Poco::Net::NTLMCredentials::parseChallengeMessage(unsigned char const*, unsigned long, Poco::Net::NTLMCredentials::ChallengeMessage&) [poco/Net/src/NTLMCredentials.cpp:254](https://github.com/pocoproject/poco/blob/bb0b8f8e81e309ec4e52389d225f0a89c260411b/Net/src/NTLMCredentials.cpp#L254):19
#3 0x56ed2f749981 in Poco::Net::HTTPNTLMCredentials::createNTLMMessage(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>> const&) [poco/Net/src/HTTPNTLMCredentials.cpp:154](https://github.com/pocoproject/poco/blob/bb0b8f8e81e309ec4e52389d225f0a89c260411b/Net/src/HTTPNTLMCredentials.cpp#L154):8
#4 0x56ed2f748faa in Poco::Net::HTTPNTLMCredentials::authenticate(Poco::Net::HTTPRequest&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>> const&) [poco/Net/src/HTTPNTLMCredentials.cpp:92](https://github.com/pocoproject/poco/blob/bb0b8f8e81e309ec4e52389d225f0a89c260411b/Net/src/HTTPNTLMCredentials.cpp#L92):28
#5 0x56ed2f7336c5 in Poco::Net::HTTPCredentials::authenticate(Poco::Net::HTTPRequest&, Poco::Net::HTTPResponse const&) [poco/Net/src/HTTPCredentials.cpp:104](https://github.com/pocoproject/poco/blob/bb0b8f8e81e309ec4e52389d225f0a89c260411b/Net/src/HTTPCredentials.cpp#L104):10
#6 0x56ed2f71d83d in LLVMFuzzerTestOneInput::$_1::operator()() const [poco/Net/fuzzing/HTTPParse.cpp:59](https://github.com/pocoproject/poco/blob/bb0b8f8e81e309ec4e52389d225f0a89c260411b/Net/fuzzing/HTTPParse.cpp#L59):10
#7 0x56ed2f71d83d in void catchExceptions<LLVMFuzzerTestOneInput::$_1>(LLVMFuzzerTestOneInput::$_1 const&) [poco/Net/fuzzing/HTTPParse.cpp:20](https://github.com/pocoproject/poco/blob/bb0b8f8e81e309ec4e52389d225f0a89c260411b/Net/fuzzing/HTTPParse.cpp#L20):3
#8 0x56ed2f71d83d in LLVMFuzzerTestOneInput [poco/Net/fuzzing/HTTPParse.cpp:47](https://github.com/pocoproject/poco/blob/bb0b8f8e81e309ec4e52389d225f0a89c260411b/Net/fuzzing/HTTPParse.cpp#L47):2
#9 0x56ed2f5d1c30 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13
#10 0x56ed2f5bcea5 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:327:6
#11 0x56ed2f5c293f in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:862:9
#12 0x56ed2f5edbe2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
#13 0x7fc5246e4082 in __libc_start_main /build/glibc-LcI20x/glibc-2.31/csu/libc-start.c:308:16
#14 0x56ed2f5b508d in _start