Remote code execution via ND6 Router Advertisements

15 points by eduard


mxey

You can see in the patch that there was a todo comment to add validation :/


 
-	/*
-	 * XXX validate that domain name only contains valid characters
-	 * for two reasons: 1) correctness, 2) we do not want to pass
-	 * possible malicious, unescaped characters like `` to a script
-	 * or program that could be exploited that way.
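
Review bot: The removed XXX comment at the top of this hunk is the only visible statement of why the domain name needs validating (correctness, and keeping unescaped characters out of a script or program), and the excerpt stops inside that comment before any added line, so the check that replaces it cannot be confirmed from these lines. When the TODO is deleted, the new validation should carry a short comment saying which characters are accepted and that the value is later passed to a script or program, so the reason for the check is not lost along with the XXX note.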