Fix assertion failures in resolver (BZ #13013).

	[BZ #13013]
	* resolv/res_query.c(__libc_res_nquery): Assign hp and hp2
	depending n and resplen2 to catch cases where answer
	equals answerp2.

diff --git a/ChangeLog b/ChangeLog
index dabb7d13f3f5738a1068f768e7e26b52a7ac9587..bc0f71cbfb38dafb77f411769f414724e6be73df 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2011-11-30  Aurelien Jarno  <aurel32@debian.org>
+
+       [BZ #13013]
+       * resolv/res_query.c(__libc_res_nquery): Assign hp and hp2
+       depending n and resplen2 to catch cases where answer
+       equals answerp2.
+
 2012-11-29  Carlos O'Donell  <carlos@systemhalted.org>
 
        * elf/get-dynamic-info.h (elf_get_dynamic_info): Warn

diff --git a/NEWS b/NEWS
index 79d29709a5be0bd278768812dab3da94ff1a9476..744df378337b0b2aad199cdf237a9865b1c47c44 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -10,8 +10,8 @@ Version 2.17
 * The following bugs are resolved with this release:
 
   1349, 3439, 3479, 3665, 5044, 5246, 5298, 5400, 6530, 6677, 6778, 6808,
-  9685, 9914, 10014, 10038, 10631, 10873, 11438, 11607, 11638, 11741,
-  12140, 13412, 13542, 13601, 13603, 13604, 13629, 13679, 13696, 13698,
+  9685, 9914, 10014, 10038, 10631, 10873, 11438, 11607, 11638, 11741, 12140,
+  13013, 13412, 13542, 13601, 13603, 13604, 13629, 13679, 13696, 13698,
   13717, 13741, 13759, 13761, 13763, 13881, 13939, 13950, 13952, 13966,
   14042, 14047, 14090, 14150, 14151, 14152, 14154, 14157, 14166, 14173,
   14195, 14197, 14237, 14251, 14252, 14283, 14298, 14303, 14307, 14328,

diff --git a/resolv/res_query.c b/resolv/res_query.c
index abccd4a92105d4bc105b2b04307c7d03440bea38..1325f9772ddcffc9aaa1b3a81a73fbce161e9b3c 100644 (file)
--- a/resolv/res_query.c
+++ b/resolv/res_query.c
@@ -122,6 +122,7 @@ __libc_res_nquery(res_state statp,
                  int *resplen2)
 {
        HEADER *hp = (HEADER *) answer;
+       HEADER *hp2;
        int n, use_malloc = 0;
        u_int oflags = statp->_flags;
 
@@ -239,26 +240,25 @@ __libc_res_nquery(res_state statp,
          /* __libc_res_nsend might have reallocated the buffer.  */
          hp = (HEADER *) *answerp;
 
-       /* We simplify the following tests by assigning HP to HP2.  It
-          is easy to verify that this is the same as ignoring all
-          tests of HP2.  */
-       HEADER *hp2 = answerp2 ? (HEADER *) *answerp2 : hp;
-
-       if (n < (int) sizeof (HEADER) && answerp2 != NULL
-           && *resplen2 > (int) sizeof (HEADER))
+       /* We simplify the following tests by assigning HP to HP2 or
+          vice versa.  It is easy to verify that this is the same as
+          ignoring all tests of HP or HP2.  */
+       if (answerp2 == NULL || *resplen2 < (int) sizeof (HEADER))
          {
-           /* Special case of partial answer.  */
-           assert (hp != hp2);
-           hp = hp2;
+           hp2 = hp;
          }
-       else if (answerp2 != NULL && *resplen2 < (int) sizeof (HEADER)
-                && n > (int) sizeof (HEADER))
+       else
          {
-           /* Special case of partial answer.  */
-           assert (hp != hp2);
-           hp2 = hp;
+           hp2 = (HEADER *) *answerp2;
+           if (n < (int) sizeof (HEADER))
+             {
+               hp = hp2;
+             }
          }
 
+       /* Make sure both hp and hp2 are defined */
+       assert((hp != NULL) && (hp2 != NULL));
+
        if ((hp->rcode != NOERROR || ntohs(hp->ancount) == 0)
            && (hp2->rcode != NOERROR || ntohs(hp2->ancount) == 0)) {
 #ifdef DEBUG