From bcee1a6c5a85df123b9c5cc4adb3b7c2034d807b Mon Sep 17 00:00:00 2001
From: tb <tb@openbsd.org>
Date: Thu, 1 Sep 2022 15:19:16 +0000
Subject: [PATCH] Check sk_SSL_CIPHER_push() return value

CID 24797

ok jsing
---
 lib/libssl/ssl_ciph.c | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/lib/libssl/ssl_ciph.c b/lib/libssl/ssl_ciph.c
index ffb8b4367af..c42c3fd22db 100644
--- a/lib/libssl/ssl_ciph.c
+++ b/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciph.c,v 1.130 2022/08/30 20:20:02 tb Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.131 2022/09/01 15:19:16 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1362,7 +1362,10 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 	if (cipher_list_tls13 != NULL) {
 		for (i = 0; i < sk_SSL_CIPHER_num(cipher_list_tls13); i++) {
 			cipher = sk_SSL_CIPHER_value(cipher_list_tls13, i);
-			sk_SSL_CIPHER_push(cipherstack, cipher);
+			if (!sk_SSL_CIPHER_push(cipherstack, cipher)) {
+				free(co_list);
+				return (NULL);
+			}
 		}
 		tls13_seen = 1;
 	}
@@ -1381,8 +1384,12 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 	any_active = 0;
 	for (curr = head; curr != NULL; curr = curr->next) {
 		if (curr->active ||
-		    (!tls13_seen && curr->cipher->algorithm_ssl == SSL_TLSV1_3))
-			sk_SSL_CIPHER_push(cipherstack, curr->cipher);
+		    (!tls13_seen && curr->cipher->algorithm_ssl == SSL_TLSV1_3)) {
+			if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher)) {
+				free(co_list);
+				return (NULL);
+			}
+		}
 		any_active |= curr->active;
 	}
 	if (!any_active)
-- 
2.20.1