File nss-dns-getnetbyaddr.patch of Package glibc.42654

From 49125ffc8e1674dc2a100dfdc5b78796f22e16f2 Mon Sep 17 00:00:00 2001
From: Carlos O'Donell <carlos@redhat.com>
Date: Thu, 15 Jan 2026 15:09:38 -0500
Subject: [PATCH] resolv: Fix NSS DNS backend for getnetbyaddr (CVE-2026-0915)

The default network value of zero for net was never tested for and
results in a DNS query constructed from uninitialized stack bytes.
The solution is to provide a default query for the case where net
is zero.

Adding a test case for this was straightforward given the existence of
tst-resolv-network and if the test is added without the fix you observe
this failure:

FAIL: resolv/tst-resolv-network
original exit status 1
error: tst-resolv-network.c:174: invalid QNAME: \146\218\129\128
error: 1 test failures

With a random QNAME resulting from the use of uninitialized stack bytes.

After the fix the test passes.

Additionally verified using Wireshark before and after to ensure
on-the-wire bytes for the DNS query were as expected.

No regressions on x86_64.

Reviewed-by: Florian Weimer <fweimer@redhat.com>
(cherry picked from commit e56ff82d5034ec66c6a78f517af6faa427f65b0b)
---
 resolv/nss_dns/dns-network.c | 4 ++++
 resolv/tst-resolv-network.c  | 6 ++++++
 2 files changed, 10 insertions(+)

diff --git a/resolv/nss_dns/dns-network.c b/resolv/nss_dns/dns-network.c
index 1e6511a4f4..4c365660bb 100644
--- a/resolv/nss_dns/dns-network.c
+++ b/resolv/nss_dns/dns-network.c
@@ -207,6 +207,10 @@ _nss_dns_getnetbyaddr_r (uint32_t net, int type, struct netent *result,
       sprintf (qbuf, "%u.%u.%u.%u.in-addr.arpa", net_bytes[3], net_bytes[2],
 	       net_bytes[1], net_bytes[0]);
       break;
+    default:
+      /* Default network (net is originally zero).  */
+      strcpy (qbuf, "0.0.0.0.in-addr.arpa");
+      break;
     }
 
   net_buffer.buf = orig_net_buffer = (querybuf *) alloca (1024);
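
Review bot: the comment on the new `default:` label says "net is originally zero", but a `default:` branch also catches every other value the preceding cases do not handle, and nothing in this hunk shows why zero is the only one that can reach it. Either state the invariant in the comment (which switch values are possible here and why anything else implies net == 0), or handle the zero case under an explicit label so that an unexpected value does not silently turn into a query for "0.0.0.0.in-addr.arpa". The `strcpy` itself is fine for size, since the literal is no longer than what the `sprintf` case just above can write into `qbuf`, but a one-line note that `qbuf` is now written on every path through the switch would make the fix for the uninitialized-bytes query easier to audit.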