DNS: Compression pointers are not validated for range or loops #57
Description
In dns_decode_name():
Compression pointer ptr is accepted blindly, then offset = ptr.
No check that:
ptr < response_len
ptr is not pointing into the middle of some non-name region in a way that causes nonsense
pointer chains do not loop
A response can contain pointers that:
create infinite loops (CPU DoS)
bounce around while staying within bounds (still CPU DoS)
jump out of bounds (then offset check catches on next loop, but behaviour depends on path)
Even worse: dns_parse_response() doesn’t even use dns_decode_name(), it re-implements a weaker skip that also doesn’t validate pointer targets. So you get two different parsing behaviours with two different bug surfaces.