From 757b3e7bcf76f310df6769727f6a2d32864318f5 Mon Sep 17 00:00:00 2001
From: Vladimir Homutov <vl@nginx.com>
Date: Sat, 4 Apr 2020 22:25:41 +0300
Subject: [PATCH] Added check for SSL_get_current_cipher() results.

The function may return NULL and result need to be checked before use.
---
 src/event/ngx_event_quic_protection.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/event/ngx_event_quic_protection.c b/src/event/ngx_event_quic_protection.c
index 4359c9311..86300e68c 100644
--- a/src/event/ngx_event_quic_protection.c
+++ b/src/event/ngx_event_quic_protection.c
@@ -62,13 +62,19 @@ static ngx_int_t
 ngx_quic_ciphers(ngx_ssl_conn_t *ssl_conn, ngx_quic_ciphers_t *ciphers,
     enum ssl_encryption_level_t level)
 {
-    ngx_int_t  id, len;
+    ngx_int_t          id, len;
+    const SSL_CIPHER  *cipher;
 
     if (level == ssl_encryption_initial) {
         id = NGX_AES_128_GCM_SHA256;
 
     } else {
-        id = SSL_CIPHER_get_id(SSL_get_current_cipher(ssl_conn)) & 0xffff;
+        cipher = SSL_get_current_cipher(ssl_conn);
+        if (cipher == NULL) {
+            return NGX_ERROR;
+        }
+
+        id = SSL_CIPHER_get_id(cipher) & 0xffff;
     }
 
     switch (id) {