File 0001-dns-fix-nameserver-OOB-read-in-IPv6-disabled-fallbac.patch of Package musl
From 6f6bd4a1896ba0be19168abc1346c8c7e3851709 Mon Sep 17 00:00:00 2001 From: Liam Wachter <[email protected]> Date: Fri, 20 Mar 2026 12:19:40 -0400 Subject: [PATCH] dns: fix nameserver OOB read in IPv6-disabled fallback In __res_msend_rc(), the IPv6-disabled fallback check uses conf->ns[nns] inside a loop controlled by i, so it tests a fixed slot instead of walking configured nameservers. This reads one past the array's size. Use conf->ns[i] so the loop correctly detects whether all configured nameservers are IPv6-only. --- src/network/res_msend.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/network/res_msend.c b/src/network/res_msend.c index fcb52513002a..51d42ecb76f2 100644 --- a/src/network/res_msend.c +++ b/src/network/res_msend.c @@ -124,7 +124,7 @@ int __res_msend_rc(int nqueries, const unsigned char *const *queries, /* Handle case where system lacks IPv6 support */ if (fd < 0 && family == AF_INET6 && errno == EAFNOSUPPORT) { - for (i=0; i<nns && conf->ns[nns].family == AF_INET6; i++); + for (i=0; i<nns && conf->ns[i].family == AF_INET6; i++); if (i==nns) { pthread_setcancelstate(cs, 0); return -1; -- 2.53.0
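Review bot: The commit message's "reads one past the array's size" overstates what the removed `for` line in the @@ -124,7 hunk does: `conf->ns[nns]` is the slot after the last configured nameserver, which lies outside the array only when nns equals the array's capacity and is otherwise an unconfigured slot. Because the old condition did not depend on i, the loop either stopped at i == 0 or ran straight to nns on the strength of that one slot, so the `if (i==nns)` early return never reflected the configured servers. The message should say that the fallback decision changes, not only the read. As a style point, the corrected loop still has an empty body closed by `;` on the same line, which is easy to misread as governing the following `if`; a short comment or a `;` on its own line would make the intent explicit.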