From cc8bb21c8ad619148c022af6e39ca8a5086a6a88 Mon Sep 17 00:00:00 2001
From: Aurelien Jarno <aurel32@debian.org>
Date: Fri, 30 Nov 2012 15:04:27 -0500
Subject: [PATCH] Fix assertion failures in resolver (BZ #13013).

	[BZ #13013]
	* resolv/res_query.c(__libc_res_nquery): Assign hp and hp2
	depending n and resplen2 to catch cases where answer
	equals answerp2.
---
 ChangeLog          |  7 +++++++
 NEWS               |  4 ++--
 resolv/res_query.c | 32 ++++++++++++++++----------------
 3 files changed, 25 insertions(+), 18 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index dabb7d13f3..bc0f71cbfb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2011-11-30  Aurelien Jarno  <aurel32@debian.org>
+
+	[BZ #13013]
+	* resolv/res_query.c(__libc_res_nquery): Assign hp and hp2
+	depending n and resplen2 to catch cases where answer
+	equals answerp2.
+
 2012-11-29  Carlos O'Donell  <carlos@systemhalted.org>
 
 	* elf/get-dynamic-info.h (elf_get_dynamic_info): Warn
diff --git a/NEWS b/NEWS
index 79d29709a5..744df37833 100644
--- a/NEWS
+++ b/NEWS
@@ -10,8 +10,8 @@ Version 2.17
 * The following bugs are resolved with this release:
 
   1349, 3439, 3479, 3665, 5044, 5246, 5298, 5400, 6530, 6677, 6778, 6808,
-  9685, 9914, 10014, 10038, 10631, 10873, 11438, 11607, 11638, 11741,
-  12140, 13412, 13542, 13601, 13603, 13604, 13629, 13679, 13696, 13698,
+  9685, 9914, 10014, 10038, 10631, 10873, 11438, 11607, 11638, 11741, 12140,
+  13013, 13412, 13542, 13601, 13603, 13604, 13629, 13679, 13696, 13698,
   13717, 13741, 13759, 13761, 13763, 13881, 13939, 13950, 13952, 13966,
   14042, 14047, 14090, 14150, 14151, 14152, 14154, 14157, 14166, 14173,
   14195, 14197, 14237, 14251, 14252, 14283, 14298, 14303, 14307, 14328,
diff --git a/resolv/res_query.c b/resolv/res_query.c
index abccd4a921..1325f9772d 100644
--- a/resolv/res_query.c
+++ b/resolv/res_query.c
@@ -122,6 +122,7 @@ __libc_res_nquery(res_state statp,
 		  int *resplen2)
 {
 	HEADER *hp = (HEADER *) answer;
+	HEADER *hp2;
 	int n, use_malloc = 0;
 	u_int oflags = statp->_flags;
 
@@ -239,25 +240,24 @@ __libc_res_nquery(res_state statp,
 	  /* __libc_res_nsend might have reallocated the buffer.  */
 	  hp = (HEADER *) *answerp;
 
-	/* We simplify the following tests by assigning HP to HP2.  It
-	   is easy to verify that this is the same as ignoring all
-	   tests of HP2.  */
-	HEADER *hp2 = answerp2 ? (HEADER *) *answerp2 : hp;
-
-	if (n < (int) sizeof (HEADER) && answerp2 != NULL
-	    && *resplen2 > (int) sizeof (HEADER))
+	/* We simplify the following tests by assigning HP to HP2 or
+	   vice versa.  It is easy to verify that this is the same as
+	   ignoring all tests of HP or HP2.  */
+	if (answerp2 == NULL || *resplen2 < (int) sizeof (HEADER))
 	  {
-	    /* Special case of partial answer.  */
-	    assert (hp != hp2);
-	    hp = hp2;
-	  }
-	else if (answerp2 != NULL && *resplen2 < (int) sizeof (HEADER)
-		 && n > (int) sizeof (HEADER))
-	  {
-	    /* Special case of partial answer.  */
-	    assert (hp != hp2);
 	    hp2 = hp;
 	  }
+	else
+	  {
+	    hp2 = (HEADER *) *answerp2;
+	    if (n < (int) sizeof (HEADER))
+	      {
+	        hp = hp2;
+	      }
+	  }
+
+	/* Make sure both hp and hp2 are defined */
+	assert((hp != NULL) && (hp2 != NULL));
 
 	if ((hp->rcode != NOERROR || ntohs(hp->ancount) == 0)
 	    && (hp2->rcode != NOERROR || ntohs(hp2->ancount) == 0)) {