diff options
| author | Valentin Bartenev <vbart@nginx.com> | 2016-02-04 18:01:04 +0300 |
|---|---|---|
| committer | Valentin Bartenev <vbart@nginx.com> | 2016-02-04 18:01:04 +0300 |
| commit | 9add42c71e71c2af8e67eceeeb773d22a9cab760 (patch) | |
| tree | ea75d2250ed73a6d1eadd4b27cb36fca95a90cf8 /src | |
| parent | cb173ff6722635188546ce7dd8f2a737050d82d5 (diff) | |
| download | nginx-9add42c71e71c2af8e67eceeeb773d22a9cab760.tar.gz nginx-9add42c71e71c2af8e67eceeeb773d22a9cab760.zip | |
HTTP/2: fixed possible buffer overrun (ticket #893).
Due to greater priority of the unary plus operator over the ternary operator
the expression didn't work as expected. That might result in one byte less
allocation than needed for the HEADERS frame buffer.
Diffstat (limited to 'src')
| -rw-r--r-- | src/http/v2/ngx_http_v2_filter_module.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/http/v2/ngx_http_v2_filter_module.c b/src/http/v2/ngx_http_v2_filter_module.c index ed30fe566..ea5897945 100644 --- a/src/http/v2/ngx_http_v2_filter_module.c +++ b/src/http/v2/ngx_http_v2_filter_module.c @@ -215,8 +215,8 @@ ngx_http_v2_header_filter(ngx_http_request_t *r) clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); if (r->headers_out.server == NULL) { - len += 1 + clcf->server_tokens ? ngx_http_v2_literal_size(NGINX_VER) - : ngx_http_v2_literal_size("nginx"); + len += 1 + (clcf->server_tokens ? ngx_http_v2_literal_size(NGINX_VER) + : ngx_http_v2_literal_size("nginx")); } if (r->headers_out.date == NULL) { |