1 files changed, 11 insertions, 4 deletions

diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index ffb8b4367a..c42c3fd22d 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciph.c,v 1.130 2022/08/30 20:20:02 tb Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.131 2022/09/01 15:19:16 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1362,7 +1362,10 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method,
         if (cipher_list_tls13 != NULL) {
                 for (i = 0; i < sk_SSL_CIPHER_num(cipher_list_tls13); i++) {
                         cipher = sk_SSL_CIPHER_value(cipher_list_tls13, i);
-                        sk_SSL_CIPHER_push(cipherstack, cipher);
+                        if (!sk_SSL_CIPHER_push(cipherstack, cipher)) {
+                                free(co_list);
+                                return (NULL);
+                        }
                 }
                 tls13_seen = 1;
         }
@@ -1381,8 +1384,12 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method,
         any_active = 0;
         for (curr = head; curr != NULL; curr = curr->next) {
                 if (curr->active ||
-                    (!tls13_seen && curr->cipher->algorithm_ssl == SSL_TLSV1_3))
-                        sk_SSL_CIPHER_push(cipherstack, curr->cipher);
+                    (!tls13_seen && curr->cipher->algorithm_ssl == SSL_TLSV1_3)) {
+                        if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher)) {
+                                free(co_list);
+                                return (NULL);
+                        }
+                }
                 any_active |= curr->active;
         }
         if (!any_active)