Both question-skip and answer-name-skip do:
pos += 1 + response[pos] for normal labels.
There is no check that:
- response[pos] is a sane label length (DNS labels must be ≤ 63)
- pos + 1 + response[pos] <= len before incrementing
So a single byte like 0xFF can make pos jump well beyond the end. Later code then reads from those positions.
This is another OOB read / crash primitive.
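The two missing checks, written out as an added example (not code from the project under review). The names skip_name and unchecked_next and the sample buffers are hypothetical and constructed; treating a length byte with both top bits set as a 2-byte compression pointer follows RFC 1035 and is an assumption about how the surrounding parser handles non-normal labels.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* The step as the page quotes it: where pos lands after one "normal label". */
size_t unchecked_next(const uint8_t *response, size_t pos)
{
    return pos + 1 + response[pos];
}

/* Checked skip (hypothetical helper). Returns the offset just past the
 * name starting at pos, or -1 if the name is malformed or truncated. */
long skip_name(const uint8_t *response, size_t len, size_t pos)
{
    while (pos < len) {
        uint8_t l = response[pos];
        if (l == 0)                        /* root label ends the name */
            return (long)(pos + 1);
        if ((l & 0xC0) == 0xC0)            /* compression pointer, 2 bytes */
            return (len - pos >= 2) ? (long)(pos + 2) : -1;
        if (l > 63)                        /* check 1: sane label length */
            return -1;
        if ((size_t)l + 1 > len - pos)     /* check 2: label fits in buffer */
            return -1;
        pos += 1 + (size_t)l;
    }
    return -1;                             /* ran out of data before the end */
}

/* Constructed samples: 12 zeroed header bytes, then a name at offset 12. */
static const uint8_t ok_msg[] = {
    0,0,0,0,0,0,0,0,0,0,0,0,
    3,'w','w','w', 7,'e','x','a','m','p','l','e', 3,'c','o','m', 0,
    0,1, 0,1 };
static const uint8_t bad_len[]   = { 0,0,0,0,0,0,0,0,0,0,0,0, 0xBF,'a','b',0 };
static const uint8_t short_msg[] = { 0,0,0,0,0,0,0,0,0,0,0,0, 5,'a','b' };
static const uint8_t ff_msg[]    = { 0,0,0,0,0,0,0,0,0,0,0,0, 0xFF };

int main(void)
{
    printf("unchecked 0xFF: pos=%zu, len=%zu\n",
           unchecked_next(ff_msg, 12), sizeof ff_msg);
    printf("ok_msg:    %ld\n", skip_name(ok_msg, sizeof ok_msg, 12));
    printf("bad_len:   %ld\n", skip_name(bad_len, sizeof bad_len, 12));
    printf("short_msg: %ld\n", skip_name(short_msg, sizeof short_msg, 12));
    printf("ff_msg:    %ld\n", skip_name(ff_msg, sizeof ff_msg, 12));
    return 0;
}
```

The bounds check is written as l + 1 > len - pos rather than pos + 1 + l > len so the comparison cannot wrap when pos is already near the top of size_t.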