Commit 51e7447e9e for openssl.org
commit 51e7447e9ed72efba16570110eb6187df85d1a79
Author: Nikola Pajkovsky <nikolap@openssl.org>
Date: Mon May 4 10:44:58 2026 +0200
quic: check lh_QUIC_STREAM_new() return value in stream_map_init
ossl_quic_stream_map_init() did not check whether lh_QUIC_STREAM_new()
succeeded. On allocation failure qsm->map would be NULL and subsequent
operations on the stream map would dereference it.
Signed-off-by: Nikola Pajkovsky <nikolap@openssl.org>
Reviewed-by: Saša NedvÄ›dický <sashan@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.foundation>
Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Tue May 12 12:01:02 2026
(Merged from https://github.com/openssl/openssl/pull/31038)
diff --git a/ssl/quic/quic_stream_map.c b/ssl/quic/quic_stream_map.c
index b160553452..b3244722ff 100644
--- a/ssl/quic/quic_stream_map.c
+++ b/ssl/quic/quic_stream_map.c
@@ -94,6 +94,8 @@ int ossl_quic_stream_map_init(QUIC_STREAM_MAP *qsm,
QUIC_CHANNEL *ch)
{
qsm->map = lh_QUIC_STREAM_new(hash_stream, cmp_stream);
+ if (qsm->map == NULL)
+ return 0;
qsm->active_list.prev = qsm->active_list.next = &qsm->active_list;
qsm->accept_list.prev = qsm->accept_list.next = &qsm->accept_list;
qsm->ready_for_gc_list.prev = qsm->ready_for_gc_list.next
@@ -123,6 +125,8 @@ static void release_each(QUIC_STREAM *stream, void *arg)
void ossl_quic_stream_map_cleanup(QUIC_STREAM_MAP *qsm)
{
+ if (qsm->map == NULL)
+ return;
lh_QUIC_STREAM_set_down_load(qsm->map, 0);
ossl_quic_stream_map_visit(qsm, release_each, qsm);