dns: Fix stack buffer overflow in DNS SVCB/HTTPS record parsing

src/dns.c

@@ -1759,6 +1759,11 @@ static int _dns_decode_rr_head(struct dns_context *context, char *domain, int do
 		return -1;
 	}
 
+	if (*rr_len > _dns_left_len(context)) {
+		tlog(TLOG_DEBUG, "rr len exceeds remaining buffer.");
+		return -1;
+	}
+
 	return 0;
 }
 
@@ -2457,6 +2462,11 @@ static int _dns_decode_SVCB_HTTPS(struct dns_context *context, const char *domai
 		return -1;
 	}
 
+	if (_dns_left_len(context) < rr_len) {
+		tlog(TLOG_DEBUG, "https data length exceeds buffer.");
+		return -1;
+	}
+
 	priority = _dns_read_short(&context->ptr);
 	ret = _dns_decode_domain(context, target, sizeof(target));
 	if (ret < 0) {