CVPN-2035: Fix using correct struct for validating length

Existing code had used `he_msg_auth_hdr_t` instead of `he_msg_auth_buf_t`
or `he_msg_auth_token_t` struct.
The difference between the structs `he_msg_auth_buf_t` and `he_msg_auth_hdr_t` is 2.

This causes memory bounding logic to fail, allowing malicious requests
with additional 2 bytes in length to continue. (ex: actual buf: 2 bytes, buf_length: 4)
But since we use local stack buffer which is reseted on every packet, the bytes
sent to the callback could only be having 0 values.
https://github.com/expressvpn/lightway-core/blob/d51702d8f8bd37874e5e70da434bf22930a6b48a/src/he/flow.c#L464

Fix this by using the correct struct in bound checking.
Tests which were added in previous commit will pass now.

Author: kp-mariappan-ramasamy

src/he/msg_handlers.c

@@ -279,7 +279,7 @@ he_return_code_t he_handle_msg_auth(he_conn_t *conn, uint8_t *packet, int length
 
         // Check the auth token length
         uint16_t auth_token_length = ntohs(msg_token->token_length);
-        if(auth_token_length > (length - sizeof(he_msg_auth_hdr_t))) {
+        if(auth_token_length > (length - sizeof(he_msg_auth_token_t))) {
           return HE_ERR_PACKET_TOO_SMALL;
         }
         auth_state = conn->auth_token_cb(conn, msg_token->token, auth_token_length, conn->data);
@@ -298,7 +298,7 @@ he_return_code_t he_handle_msg_auth(he_conn_t *conn, uint8_t *packet, int length
 
         // Check the auth buffer length
         uint16_t auth_buf_length = ntohs(msg_buf->buffer_length);
-        if(auth_buf_length > (length - sizeof(he_msg_auth_hdr_t))) {
+        if(auth_buf_length > (length - sizeof(he_msg_auth_buf_t))) {
           return HE_ERR_PACKET_TOO_SMALL;
         }
         auth_state = conn->auth_buf_cb(conn, msg_buf->header.auth_type, msg_buf->buffer,