Fix handle mis-parse

This could lead to the server process
accessing uninitialized data.

In some deployment models this would
be a vulnerability. However, the README
specifically warns about avoiding such
deployment models, so this patch is not
going to be treated as a vulnerability fix.

Author: ewxrjk

parse.c

@@ -97,8 +97,11 @@ uint32_t sftp_parse_path(struct sftpjob *job, char **strp) {
 uint32_t sftp_parse_handle(struct sftpjob *job, struct handleid *id) {
   uint32_t len, rc;
 
-  if((rc = sftp_parse_uint32(job, &len)) != SSH_FX_OK || len != 8 ||
-     (rc = sftp_parse_uint32(job, &id->id)) != SSH_FX_OK ||
+  if((rc = sftp_parse_uint32(job, &len)) != SSH_FX_OK)
+    return rc;
+  if(len != 8)
+    return SSH_FX_BAD_MESSAGE;
+  if((rc = sftp_parse_uint32(job, &id->id)) != SSH_FX_OK ||
      (rc = sftp_parse_uint32(job, &id->tag) != SSH_FX_OK))
     return rc;
   return SSH_FX_OK;