Check STOMP headers against ending backslash

Issue: SPR-12418

Author: sdeleuze

spring-messaging/src/main/java/org/springframework/messaging/simp/stomp/StompDecoder.java

@@ -260,6 +260,9 @@ private String unescape(String inString) {
 
 		while (index >= 0) {
 			sb.append(inString.substring(pos, index));
+			if((index + 1) >= inString.length()) {
+				throw new StompConversionException("Illegal escape sequence at index " + index + ": " + inString);
+			}
 			Character c = inString.charAt(index + 1);
 			if (c == 'r') {
 				sb.append('\r');

spring-messaging/src/test/java/org/springframework/messaging/simp/stomp/BufferingStompDecoderTests.java

@@ -185,6 +185,13 @@ public void incompleteCommand() throws InterruptedException {
 		assertEquals(0, messages.size());
 	}
 
+	@Test(expected = StompConversionException.class) // SPR-12418
+	public void endingBackslashHeaderValueCheck() throws InterruptedException {
+		BufferingStompDecoder stompDecoder = new BufferingStompDecoder(STOMP_DECODER, 128);
+		String payload = "SEND\na:alpha\\\n\nMessage body\0";
+		stompDecoder.decode(toByteBuffer(payload));
+	}
+
 
 	private ByteBuffer toByteBuffer(String chunk) {
 		return ByteBuffer.wrap(chunk.getBytes(Charset.forName("UTF-8")));