Fix OOB read/write in interopserver POST filename parsing (#6055)

## Description

 ## Summary
- `HttpRequest::ReceiveUniDiData` called `strstr(FileName, "\r\n")` on a
raw `QUIC_BUFFER` from
`Event->RECEIVE.Buffers`, which is not NUL-terminated. A peer sending
`POST ` followed by non-CRLF bytes with no NUL
byte in the first delivered buffer caused `strstr` to walk past
`FirstBuffer->Buffer + FirstBuffer->Length` into
adjacent memory, and the subsequent `*FileNameEnd = '\0'` wrote a NUL
byte outside the receive buffer
- Replaced `strstr` with a bounded scan limited to `FirstBuffer->Length
- 5`, and copy the filename into a local
NUL-terminated buffer instead of mutating the receive buffer. Also added
an explicit length cap so the filename can't
  silently truncate inside the later `snprintf`.

## Testing
NA 
## Documentation
NA

Author: gaurav2699

src/tools/interopserver/InteropServer.cpp

@@ -11,6 +11,8 @@
 
 #include "InteropServer.h"
 
+#include <algorithm>
+
 const QUIC_API_TABLE* MsQuic;
 HQUIC Configuration;
 const char* RootFolderPath;
@@ -313,13 +315,18 @@ HttpRequest::ReceiveUniDiData(
             return false;
         }
 
-        char* FileName = (char*)FirstBuffer->Buffer + 5;
+        char HeaderBuf[256];
+        const size_t CopyLen = std::min((size_t)FirstBuffer->Length, sizeof(HeaderBuf) - 1);
+        memcpy(HeaderBuf, FirstBuffer->Buffer, CopyLen);
+        HeaderBuf[CopyLen] = '\0';
+
+        char* FileName = HeaderBuf + 5;
         char* FileNameEnd = strstr(FileName, "\r\n");
         if (FileNameEnd == nullptr) {
             printf("[%s] Invalid post suffix\n", GetRemoteAddr(MsQuic, QuicStream).Address);
             return false;
         }
-        *FileNameEnd = '\0'; // We shouldn't be writing to the buffer. Don't imitate this.
+        *FileNameEnd = '\0';
 
         if (strstr(FileName, "..") != nullptr) {
             printf("[%s] '..' found\n", GetRemoteAddr(MsQuic, QuicStream).Address);
@@ -339,8 +346,7 @@ HttpRequest::ReceiveUniDiData(
             return false;
         }
 
-        FileNameEnd += 2; // Skip "\r\n"
-        SkipLength = (uint32_t)((uint8_t*)FileNameEnd - FirstBuffer->Buffer);
+        SkipLength = (uint32_t)((FileNameEnd - HeaderBuf) + 2);
     }
 
     for (uint32_t i = 0; i < BufferCount; ++i) {

src/tools/interopserver/InteropServer.h

@@ -7,6 +7,8 @@
 
 #define _CRT_SECURE_NO_WARNINGS 1
 
+#define NOMINMAX
+
 #define QUIC_API_ENABLE_PREVIEW_FEATURES
 
 #include "msquichelper.h"