# HG changeset patch
# User Vladimir Homutov <vl@nginx.com>
# Date 1586028341 -10800
# Node ID 7cca3624f9c45ecdb0bc208c1ef198f572df6be9
# Parent  853908b5a2167aabbf23526ee15ea42baf14ed8e
Added check for SSL_get_current_cipher() results.

The function may return NULL and result need to be checked before use.

diff --git a/src/event/ngx_event_quic_protection.c b/src/event/ngx_event_quic_protection.c
--- a/src/event/ngx_event_quic_protection.c
+++ b/src/event/ngx_event_quic_protection.c
@@ -62,13 +62,19 @@ static ngx_int_t
 ngx_quic_ciphers(ngx_ssl_conn_t *ssl_conn, ngx_quic_ciphers_t *ciphers,
     enum ssl_encryption_level_t level)
 {
-    ngx_int_t  id, len;
+    ngx_int_t          id, len;
+    const SSL_CIPHER  *cipher;
 
     if (level == ssl_encryption_initial) {
         id = NGX_AES_128_GCM_SHA256;
 
     } else {
-        id = SSL_CIPHER_get_id(SSL_get_current_cipher(ssl_conn)) & 0xffff;
+        cipher = SSL_get_current_cipher(ssl_conn);
+        if (cipher == NULL) {
+            return NGX_ERROR;
+        }
+
+        id = SSL_CIPHER_get_id(cipher) & 0xffff;
     }
 
     switch (id) {