Added check for SSL_get_current_cipher() results.

The function may return NULL and result need to be checked before use.
author: Vladimir Homutov <vl@nginx.com> 2020-04-04 22:25:41 +0300
committer: Vladimir Homutov <vl@nginx.com> 2020-04-04 22:25:41 +0300
commit: 757b3e7bcf76f310df6769727f6a2d32864318f5 (patch)
tree: 8d2b5ec42b848c85f621a1776e4e373e305d7c2f /src
parent: 61aa190cfb529f0c9f7b2fc55bd403de70dd33c4 (diff)
download: nginx-757b3e7bcf76f310df6769727f6a2d32864318f5.tar.gz
nginx-757b3e7bcf76f310df6769727f6a2d32864318f5.zip
1 files changed, 8 insertions, 2 deletions
diff --git a/src/event/ngx_event_quic_protection.c b/src/event/ngx_event_quic_protection.c
index 4359c9311..86300e68c 100644
--- a/src/event/ngx_event_quic_protection.c
+++ b/src/event/ngx_event_quic_protection.c
@@ -62,13 +62,19 @@ static ngx_int_t
 ngx_quic_ciphers(ngx_ssl_conn_t *ssl_conn, ngx_quic_ciphers_t *ciphers,
     enum ssl_encryption_level_t level)
 {
-    ngx_int_t  id, len;
+    ngx_int_t          id, len;
+    const SSL_CIPHER  *cipher;
 
     if (level == ssl_encryption_initial) {
         id = NGX_AES_128_GCM_SHA256;
 
     } else {
-        id = SSL_CIPHER_get_id(SSL_get_current_cipher(ssl_conn)) & 0xffff;
+        cipher = SSL_get_current_cipher(ssl_conn);
+        if (cipher == NULL) {
+            return NGX_ERROR;
+        }
+
+        id = SSL_CIPHER_get_id(cipher) & 0xffff;
     }
 
     switch (id) {
author	Vladimir Homutov <vl@nginx.com>	2020-04-04 22:25:41 +0300
committer	Vladimir Homutov <vl@nginx.com>	2020-04-04 22:25:41 +0300
commit	757b3e7bcf76f310df6769727f6a2d32864318f5 (patch)
tree	8d2b5ec42b848c85f621a1776e4e373e305d7c2f /src
parent	61aa190cfb529f0c9f7b2fc55bd403de70dd33c4 (diff)
download	nginx-757b3e7bcf76f310df6769727f6a2d32864318f5.tar.gz nginx-757b3e7bcf76f310df6769727f6a2d32864318f5.zip