Overview

Vulnerability Details


Function sub_41C488() parses the HTTP request. It concatenates the HTTP content (v13) with the GET parameters (a1[49]). However, when the GET parameters are not empty (the else branch), it does not check that v13 is not NULL, and passing a NULL pointer to strlen() crashes the server.

This allows an unauthorized attacker to perform a DoS attack.
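The missing check and its fix, as an added example that is not the firmware's code: join_unchecked() models the else branch described above and join_checked() is a hardened form. The function names, the parameters body and query (standing in for v13 and a1[49]) and the '&' separator are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of the flawed else branch: the query string is known
 * to be non-empty, but body is measured without a NULL check. */
char *join_unchecked(const char *body, const char *query)
{
    size_t n = strlen(body) + strlen(query) + 2;   /* body == NULL crashes here */
    char *out = malloc(n);
    if (out != NULL)
        snprintf(out, n, "%s&%s", body, query);
    return out;
}

/* Hardened form: a missing part is treated as empty, so a request that has
 * GET parameters but no parsed content never reaches strlen(NULL). */
char *join_checked(const char *body, const char *query)
{
    if (body == NULL)
        body = "";
    if (query == NULL)
        query = "";
    size_t blen = strlen(body), qlen = strlen(query);
    char *out = malloc(blen + qlen + 2);            /* room for '&' and NUL */
    if (out == NULL)
        return NULL;
    memcpy(out, body, blen);
    size_t pos = blen;
    if (blen != 0 && qlen != 0)
        out[pos++] = '&';                           /* separator only when both exist */
    memcpy(out + pos, query, qlen);
    out[pos + qlen] = '\0';
    return out;
}

int main(void)
{
    /* Constructed input: content pointer is NULL, GET parameters are "a=b". */
    char *s = join_checked(NULL, "a=b");
    printf("%s\n", s != NULL ? s : "(allocation failed)");
    free(s);
    return 0;
}
```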

POC

b'POST /HNAP1/?a=b HTTP/1.1\r\n:\r\nContent-Length: 1\r\n\r\nB'
