p2p: DecodeMessage should not always assume that data will be non-nil

[odeke-em]

A followup of #816 found by fuzzing, but otherwise is obvious if we approach the functions from an outside attacker's perspective.

In PEXReactor.Receive, if a client passes in nil/no bytes, we deference the bytes in
https://github.com/tendermint/tendermint/blob/master/p2p/pex_reactor.go#L332

We should check that the bytes are not empty lest we get a crash

[odeke-em]

Found in 3seconds by go-fuzz

2017/11/07 03:24:40 slaves: 4, corpus: 17 (2s ago), crashers: 1, restarts: 1/0, execs: 0 (0/sec), cover: 0, uptime: 3s

[ebuchman]

We should note that msgBytes != nil is an explicit part of the contract a Reactor has with the switch, ala https://github.com/tendermint/tendermint/blob/master/p2p/connection.go#L472

Again, for defensive purposes, we could/should be checking for nil in the DecodeMessage, but it's not something that should ever arise if the reactor is registered properly with the switch.

[ebuchman]

added patch and comment about Receive.

Leave DecodeMessage for #646

[odeke-em]

Awesome, thanks for that @ebuchman!