details: http://hg.nginx.org/nginx/rev/11e019750adc
branches:
changeset: 6377:11e019750adc
user: Valentin Bartenev <[email protected]>
date: Thu Feb 04 18:01:04 2016 +0300
description:
HTTP/2: fixed possible buffer overrun (ticket #893).
Due to greater priority of the unary plus operator over the ternary operator
the expression didn't work as expected. That might result in one byte less
allocation than needed for the HEADERS frame buffer.
diffstat:
src/http/v2/ngx_http_v2_filter_module.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diffs (14 lines):
diff -r 0e0e2e522fa2 -r 11e019750adc src/http/v2/ngx_http_v2_filter_module.c
--- a/src/http/v2/ngx_http_v2_filter_module.c Tue Feb 02 16:33:55 2016 +0300
+++ b/src/http/v2/ngx_http_v2_filter_module.c Thu Feb 04 18:01:04 2016 +0300
@@ -215,8 +215,8 @@ ngx_http_v2_header_filter(ngx_http_reque
clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
if (r->headers_out.server == NULL) {
- len += 1 + clcf->server_tokens ? ngx_http_v2_literal_size(NGINX_VER)
- : ngx_http_v2_literal_size("nginx");
+ len += 1 + (clcf->server_tokens ? ngx_http_v2_literal_size(NGINX_VER)
+ : ngx_http_v2_literal_size("nginx"));
}
if (r->headers_out.date == NULL) {
_______________________________________________
nginx-devel mailing list
[email protected]
http://mailman.nginx.org/mailman/listinfo/nginx-devel
