HTTP/2: fixed possible buffer overrun (ticket #893).

Due to greater priority of the unary plus operator over the ternary operator the expression didn't work as expected. That might result in one byte less allocation than needed for the HEADERS frame buffer.
uvfive · Feb 4, 2016 · 9add42c · 9add42c
1 parent cb173ff
commit 9add42c
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/src/http/v2/ngx_http_v2_filter_module.c b/src/http/v2/ngx_http_v2_filter_module.c
@@ -215,8 +215,8 @@ ngx_http_v2_header_filter(ngx_http_request_t *r)
     clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
 
     if (r->headers_out.server == NULL) {
-        len += 1 + clcf->server_tokens ? ngx_http_v2_literal_size(NGINX_VER)
-                                       : ngx_http_v2_literal_size("nginx");
+        len += 1 + (clcf->server_tokens ? ngx_http_v2_literal_size(NGINX_VER)
+                                        : ngx_http_v2_literal_size("nginx"));
     }
 
     if (r->headers_out.date == NULL) {