busybox: Fix for CVE-2021-42376

A NULL pointer dereference in Busybox's hush applet leads to denial of service
when processing a crafted shell command, due to missing validation after
a \x03 delimiter character.
This may be used for DoS under very rare conditions of filtered command input.

Reference: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42376



Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>