about summary refs log tree commit diff
diff options
context:
space:
mode:
authorAurelien Jarno <aurel32@debian.org>2012-11-30 15:04:27 -0500
committerDavid S. Miller <davem@davemloft.net>2012-11-30 15:04:27 -0500
commitcc8bb21c8ad619148c022af6e39ca8a5086a6a88 (patch)
treef3410b5396aad70d5fcc55913c8781c8abfb5581
parentb062e14ff3df0942d21c8904e3fca87fac25b85b (diff)
downloadglibc-cc8bb21c8ad619148c022af6e39ca8a5086a6a88.tar.gz
glibc-cc8bb21c8ad619148c022af6e39ca8a5086a6a88.tar.xz
glibc-cc8bb21c8ad619148c022af6e39ca8a5086a6a88.zip
Fix assertion failures in resolver (BZ #13013).
	[BZ #13013]
	* resolv/res_query.c(__libc_res_nquery): Assign hp and hp2
	depending n and resplen2 to catch cases where answer
	equals answerp2.
-rw-r--r--ChangeLog7
-rw-r--r--NEWS4
-rw-r--r--resolv/res_query.c30
3 files changed, 24 insertions, 17 deletions
diff --git a/ChangeLog b/ChangeLog
index dabb7d13f3..bc0f71cbfb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2011-11-30  Aurelien Jarno  <aurel32@debian.org>
+
+	[BZ #13013]
+	* resolv/res_query.c(__libc_res_nquery): Assign hp and hp2
+	depending n and resplen2 to catch cases where answer
+	equals answerp2.
+
 2012-11-29  Carlos O'Donell  <carlos@systemhalted.org>
 
 	* elf/get-dynamic-info.h (elf_get_dynamic_info): Warn
diff --git a/NEWS b/NEWS
index 79d29709a5..744df37833 100644
--- a/NEWS
+++ b/NEWS
@@ -10,8 +10,8 @@ Version 2.17
 * The following bugs are resolved with this release:
 
   1349, 3439, 3479, 3665, 5044, 5246, 5298, 5400, 6530, 6677, 6778, 6808,
-  9685, 9914, 10014, 10038, 10631, 10873, 11438, 11607, 11638, 11741,
-  12140, 13412, 13542, 13601, 13603, 13604, 13629, 13679, 13696, 13698,
+  9685, 9914, 10014, 10038, 10631, 10873, 11438, 11607, 11638, 11741, 12140,
+  13013, 13412, 13542, 13601, 13603, 13604, 13629, 13679, 13696, 13698,
   13717, 13741, 13759, 13761, 13763, 13881, 13939, 13950, 13952, 13966,
   14042, 14047, 14090, 14150, 14151, 14152, 14154, 14157, 14166, 14173,
   14195, 14197, 14237, 14251, 14252, 14283, 14298, 14303, 14307, 14328,
diff --git a/resolv/res_query.c b/resolv/res_query.c
index abccd4a921..1325f9772d 100644
--- a/resolv/res_query.c
+++ b/resolv/res_query.c
@@ -122,6 +122,7 @@ __libc_res_nquery(res_state statp,
 		  int *resplen2)
 {
 	HEADER *hp = (HEADER *) answer;
+	HEADER *hp2;
 	int n, use_malloc = 0;
 	u_int oflags = statp->_flags;
 
@@ -239,26 +240,25 @@ __libc_res_nquery(res_state statp,
 	  /* __libc_res_nsend might have reallocated the buffer.  */
 	  hp = (HEADER *) *answerp;
 
-	/* We simplify the following tests by assigning HP to HP2.  It
-	   is easy to verify that this is the same as ignoring all
-	   tests of HP2.  */
-	HEADER *hp2 = answerp2 ? (HEADER *) *answerp2 : hp;
-
-	if (n < (int) sizeof (HEADER) && answerp2 != NULL
-	    && *resplen2 > (int) sizeof (HEADER))
+	/* We simplify the following tests by assigning HP to HP2 or
+	   vice versa.  It is easy to verify that this is the same as
+	   ignoring all tests of HP or HP2.  */
+	if (answerp2 == NULL || *resplen2 < (int) sizeof (HEADER))
 	  {
-	    /* Special case of partial answer.  */
-	    assert (hp != hp2);
-	    hp = hp2;
+	    hp2 = hp;
 	  }
-	else if (answerp2 != NULL && *resplen2 < (int) sizeof (HEADER)
-		 && n > (int) sizeof (HEADER))
+	else
 	  {
-	    /* Special case of partial answer.  */
-	    assert (hp != hp2);
-	    hp2 = hp;
+	    hp2 = (HEADER *) *answerp2;
+	    if (n < (int) sizeof (HEADER))
+	      {
+	        hp = hp2;
+	      }
 	  }
 
+	/* Make sure both hp and hp2 are defined */
+	assert((hp != NULL) && (hp2 != NULL));
+
 	if ((hp->rcode != NOERROR || ntohs(hp->ancount) == 0)
 	    && (hp2->rcode != NOERROR || ntohs(hp2->ancount) == 0)) {
 #ifdef DEBUG