quic: check lh_QUIC_STREAM_new() return value in stream_map_init

ossl_quic_stream_map_init() did not check whether lh_QUIC_STREAM_new()
succeeded. On allocation failure qsm->map would be NULL and subsequent
operations on the stream map would dereference it.

Signed-off-by: Nikola Pajkovsky <nikolap@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.foundation>
Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Tue May 12 12:01:02 2026
(Merged from https://github.com/openssl/openssl/pull/31038)

diff --git a/ssl/quic/quic_stream_map.c b/ssl/quic/quic_stream_map.c
index b1605534523f12403adcd6ed151a153bb2a771aa..b3244722ffbd9b699a31058ad9e51f0f403cdec4 100644 (file)
--- a/ssl/quic/quic_stream_map.c
+++ b/ssl/quic/quic_stream_map.c
@@ -94,6 +94,8 @@ int ossl_quic_stream_map_init(QUIC_STREAM_MAP *qsm,
     QUIC_CHANNEL *ch)
 {
     qsm->map = lh_QUIC_STREAM_new(hash_stream, cmp_stream);
+    if (qsm->map == NULL)
+        return 0;
     qsm->active_list.prev = qsm->active_list.next = &qsm->active_list;
     qsm->accept_list.prev = qsm->accept_list.next = &qsm->accept_list;
     qsm->ready_for_gc_list.prev = qsm->ready_for_gc_list.next
@@ -123,6 +125,8 @@ static void release_each(QUIC_STREAM *stream, void *arg)
 
 void ossl_quic_stream_map_cleanup(QUIC_STREAM_MAP *qsm)
 {
+    if (qsm->map == NULL)
+        return;
     lh_QUIC_STREAM_set_down_load(qsm->map, 0);
     ossl_quic_stream_map_visit(qsm, release_each, qsm);