HTTP/2: fixed possible buffer overrun (ticket #893).

Due to greater priority of the unary plus operator over the ternary operator the expression didn't work as expected. That might result in one byte less allocation than needed for the HEADERS frame buffer.
author: Valentin Bartenev <vbart@nginx.com> 2016-02-04 18:01:04 +0300
committer: Valentin Bartenev <vbart@nginx.com> 2016-02-04 18:01:04 +0300
commit: 9add42c71e71c2af8e67eceeeb773d22a9cab760 (patch)
tree: ea75d2250ed73a6d1eadd4b27cb36fca95a90cf8
parent: cb173ff6722635188546ce7dd8f2a737050d82d5 (diff)
download: nginx-9add42c71e71c2af8e67eceeeb773d22a9cab760.tar.gz
nginx-9add42c71e71c2af8e67eceeeb773d22a9cab760.tar.bz2
1 files changed, 2 insertions, 2 deletions
diff --git a/src/http/v2/ngx_http_v2_filter_module.c b/src/http/v2/ngx_http_v2_filter_module.c
index ed30fe566..ea5897945 100644
--- a/src/http/v2/ngx_http_v2_filter_module.c
+++ b/src/http/v2/ngx_http_v2_filter_module.c
@@ -215,8 +215,8 @@ ngx_http_v2_header_filter(ngx_http_request_t *r)
     clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
 
     if (r->headers_out.server == NULL) {
-        len += 1 + clcf->server_tokens ? ngx_http_v2_literal_size(NGINX_VER)
-                                       : ngx_http_v2_literal_size("nginx");
+        len += 1 + (clcf->server_tokens ? ngx_http_v2_literal_size(NGINX_VER)
+                                        : ngx_http_v2_literal_size("nginx"));
     }
 
     if (r->headers_out.date == NULL) {
author	Valentin Bartenev <vbart@nginx.com>	2016-02-04 18:01:04 +0300
committer	Valentin Bartenev <vbart@nginx.com>	2016-02-04 18:01:04 +0300
commit	9add42c71e71c2af8e67eceeeb773d22a9cab760 (patch)
tree	ea75d2250ed73a6d1eadd4b27cb36fca95a90cf8
parent	cb173ff6722635188546ce7dd8f2a737050d82d5 (diff)
download	nginx-9add42c71e71c2af8e67eceeeb773d22a9cab760.tar.gz nginx-9add42c71e71c2af8e67eceeeb773d22a9cab760.tar.bz2