[nginx] HTTP/2: fixed possible buffer overrun (ticket #893).
Valentin Bartenev
vbart at nginx.com
Thu Feb 4 15:03:53 UTC 2016
details: http://hg.nginx.org/nginx/rev/11e019750adc
branches:
changeset: 6377:11e019750adc
user: Valentin Bartenev <vbart at nginx.com>
date: Thu Feb 04 18:01:04 2016 +0300
description:
HTTP/2: fixed possible buffer overrun (ticket #893).
Due to greater priority of the unary plus operator over the ternary operator
the expression didn't work as expected. That might result in one byte less
allocation than needed for the HEADERS frame buffer.
diffstat:
src/http/v2/ngx_http_v2_filter_module.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diffs (14 lines):
diff -r 0e0e2e522fa2 -r 11e019750adc src/http/v2/ngx_http_v2_filter_module.c
--- a/src/http/v2/ngx_http_v2_filter_module.c Tue Feb 02 16:33:55 2016 +0300
+++ b/src/http/v2/ngx_http_v2_filter_module.c Thu Feb 04 18:01:04 2016 +0300
@@ -215,8 +215,8 @@ ngx_http_v2_header_filter(ngx_http_reque
clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
if (r->headers_out.server == NULL) {
- len += 1 + clcf->server_tokens ? ngx_http_v2_literal_size(NGINX_VER)
- : ngx_http_v2_literal_size("nginx");
+ len += 1 + (clcf->server_tokens ? ngx_http_v2_literal_size(NGINX_VER)
+ : ngx_http_v2_literal_size("nginx"));
}
if (r->headers_out.date == NULL) {
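Review bot: the added `len += 1 + (clcf->server_tokens ? ...)` lines still make the HEADERS buffer size depend on a single pair of parentheses, with nothing in the hunk saying what the `1` accounts for. In the removed lines `1 + clcf->server_tokens` became the ternary condition, which is nonzero for any non-negative flag value, so the `NGINX_VER` branch was always taken and the `1` was never added. Consider adding `1` to `len` in its own statement, or adding a short comment on what it covers, so a later edit cannot reintroduce the short allocation. It is also worth checking the other `len +=` computations in `ngx_http_v2_header_filter()`, such as the `r->headers_out.date == NULL` block that follows, for the same `1 + cond ? a : b` shape.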