Do not destroy an existing cipher list when ssl_parse_ciphersuites()

fails, to match the behaviour of ssl_create_cipher_list().  This also
agrees with the behaviour of SSL_set_ciphersuites(3) in OpenSSL.
Issue found while writing documentation.
OK jsing@

1 files changed, 2 insertions, 4 deletions

diff --git a/src/lib/libssl/ssl_ciphers.c b/src/lib/libssl/ssl_ciphers.c
index 0912fb6d25..399e274ad4 100644
--- a/src/lib/libssl/ssl_ciphers.c
+++ b/src/lib/libssl/ssl_ciphers.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: ssl_ciphers.c,v 1.8 2020/09/14 17:52:38 tb Exp $ */
+/*      $OpenBSD: ssl_ciphers.c,v 1.9 2020/09/15 15:28:38 schwarze Exp $ */
 /*
  * Copyright (c) 2015-2017 Doug Hogan <doug@openbsd.org>
  * Copyright (c) 2015-2018, 2020 Joel Sing <jsing@openbsd.org>
@@ -220,9 +220,6 @@ ssl_parse_ciphersuites(STACK_OF(SSL_CIPHER) **out_ciphers, const char *str)
         int i;
         int ret = 0;
 
-        sk_SSL_CIPHER_free(*out_ciphers);
-        *out_ciphers = NULL;
-
         if ((ciphers = sk_SSL_CIPHER_new_null()) == NULL)
                 goto err;
 
@@ -255,6 +252,7 @@ ssl_parse_ciphersuites(STACK_OF(SSL_CIPHER) **out_ciphers, const char *str)
         }
 
  done:
+        sk_SSL_CIPHER_free(*out_ciphers);
         *out_ciphers = ciphers;
         ciphers = NULL;
         ret = 1;