From 5f4f70e06d688e34a6079a81db1794d76c465fdb Mon Sep 17 00:00:00 2001
From: Stefan Eissing <stefan@eissing.org>
Date: Thu, 25 Sep 2025 12:07:25 +0200
Subject: [PATCH] ngtcp2: fix early return

On a failed tls handshake, the receive function returned without
restoring the current data.

Reported in Joshua's sarif data

Closes #18723
---
 lib/vquic/curl_ngtcp2.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/lib/vquic/curl_ngtcp2.c b/lib/vquic/curl_ngtcp2.c
index 0e05694992..4998400d96 100644
--- a/lib/vquic/curl_ngtcp2.c
+++ b/lib/vquic/curl_ngtcp2.c
@@ -1303,8 +1303,10 @@ static CURLcode cf_ngtcp2_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
   *pnread = 0;
 
   /* handshake verification failed in callback, do not recv anything */
-  if(ctx->tls_vrfy_result)
-    return ctx->tls_vrfy_result;
+  if(ctx->tls_vrfy_result) {
+    result = ctx->tls_vrfy_result;
+    goto out;
+  }
 
   pktx_init(&pktx, cf, data);
 
-- 
2.47.3