Fix two panics identified by fuzz testing

This commit adds additional bounds checking, one for DNSResourceRecord
and another for DNSQuestion. The DNSResourceRecord panic was observed in
production and the second panic was caught by fuzzing.

Add a fuzz test with seeds to reproduce these two panics.

Author: cirego

layers/dns.go

@@ -639,6 +639,10 @@ func (q *DNSQuestion) decode(data []byte, offset int, df gopacket.DecodeFeedback
 		return 0, err
 	}
 
+	if len(data) < endq+4 {
+		return 0, errors.New("DNS question too small")
+	}
+
 	q.Name = name
 	q.Type = DNSType(binary.BigEndian.Uint16(data[endq : endq+2]))
 	q.Class = DNSClass(binary.BigEndian.Uint16(data[endq+2 : endq+4]))
@@ -709,6 +713,10 @@ func (rr *DNSResourceRecord) decode(data []byte, offset int, df gopacket.DecodeF
 		return 0, err
 	}
 
+	if len(data) < endq+10 {
+		return 0, errors.New("DNS record too small")
+	}
+
 	rr.Name = name
 	rr.Type = DNSType(binary.BigEndian.Uint16(data[endq : endq+2]))
 	rr.Class = DNSClass(binary.BigEndian.Uint16(data[endq+2 : endq+4]))

layers/dns_test.go

@@ -15,6 +15,13 @@ import (
 	"github.com/google/gopacket"
 )
 
+func FuzzDecodeFromBytes(f *testing.F) {
+	f.Fuzz(func(t *testing.T, bytes []byte) {
+		dns := DNS{}
+		dns.DecodeFromBytes(bytes, gopacket.NilDecodeFeedback)
+	})
+}
+
 // it have a layer like that:
 //    name: xxx.com
 //    type: CNAME

layers/testdata/fuzz/FuzzDecodeFromBytes/27d23183d8ce7b719228870c23869cf21bf8829d7160c82da88f80aeff2d861c

@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("0000000\x10\x10\x00\x01\x01\x01\x01\x01\x01\x00")

layers/testdata/fuzz/FuzzDecodeFromBytes/3b53f220d321f20980b59f64e1617d6b334b152a90b141a7407c3c8fa4837a31

@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("000000000000\x00")

layers/testdata/fuzz/FuzzDecodeFromBytes/f539b7a397cf68c2129abd63d4c7cfb1979c489ad9bad6898510a4d4759bb85f

@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("01000\x10\x10\xdfd\x01\x01\x01\x00d\x01\x01\x01\x00")

layers/testdata/fuzz/FuzzDecodeFromBytes/fe20300d6b2057b406a06ec4f04065f6d0dda6b2b362c0a89192c1933e927adf

@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("0000\x00\x00000000\x010\x000")