Created attachment 224142 [details]
patch to fix a decompression bug long since fixed upstream
there is a bug in the dns-label decompression logic here, discovered by auditing the code at mark andrews' behest, after reading the forescout report which unfairly maligned freebsd has having a vulnerability in its "stack".
this code is a copy of something in libresolv, and this bug was fixed long ago in libresolv, and in ISC DHCP, but not in the freebsd (by way of openbsd) version. therefore, see attached patch.
0xC0 is 0b11000000. the "11" indicates a 14-bit compression pointer (offset from the start of the message). other patterns are "01" and "10" which have sometimes been defined but are currently reserved.
only where the pattern is "11" should the 14-bit compression pointer be used.
Note the submitted patch is incomplete.
len > 63 and < 192 also need to be rejected.
(In reply to marka from comment #1)
don't be shy -- include a patch, like i did?