From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 18 Nov 2025 15:13:28 +0000 (+0100)
Subject: hsts: propagate and error out correctly on OOM
X-Git-Tag: rc-8_18_0-1~240
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=97169a91d9ce0efef2bea7a185b1daa3c1f376be;p=thirdparty%2Fcurl.git

hsts: propagate and error out correctly on OOM

Closes #19593
---

diff --git a/lib/hsts.c b/lib/hsts.c
index 437851b8ba..ec332392c4 100644
--- a/lib/hsts.c
+++ b/lib/hsts.c
@@ -571,18 +571,22 @@ CURLcode Curl_hsts_loadcb(struct Curl_easy *data, struct hsts *h)
   return CURLE_OK;
 }
 
-void Curl_hsts_loadfiles(struct Curl_easy *data)
+CURLcode Curl_hsts_loadfiles(struct Curl_easy *data)
 {
+  CURLcode result = CURLE_OK;
   struct curl_slist *l = data->state.hstslist;
   if(l) {
     Curl_share_lock(data, CURL_LOCK_DATA_HSTS, CURL_LOCK_ACCESS_SINGLE);
 
     while(l) {
-      (void)Curl_hsts_loadfile(data, data->hsts, l->data);
+      result = Curl_hsts_loadfile(data, data->hsts, l->data);
+      if(result)
+        break;
       l = l->next;
     }
     Curl_share_unlock(data, CURL_LOCK_DATA_HSTS);
   }
+  return result;
 }
 
 #if defined(DEBUGBUILD) || defined(UNITTESTS)
diff --git a/lib/hsts.h b/lib/hsts.h
index 8ec9637cb0..cb83ada790 100644
--- a/lib/hsts.h
+++ b/lib/hsts.h
@@ -59,11 +59,11 @@ CURLcode Curl_hsts_loadfile(struct Curl_easy *data,
                             struct hsts *h, const char *file);
 CURLcode Curl_hsts_loadcb(struct Curl_easy *data,
                           struct hsts *h);
-void Curl_hsts_loadfiles(struct Curl_easy *data);
+CURLcode Curl_hsts_loadfiles(struct Curl_easy *data);
 #else
 #define Curl_hsts_cleanup(x)
 #define Curl_hsts_loadcb(x,y) CURLE_OK
 #define Curl_hsts_save(x,y,z)
-#define Curl_hsts_loadfiles(x)
+#define Curl_hsts_loadfiles(x) CURLE_OK
 #endif /* CURL_DISABLE_HTTP || CURL_DISABLE_HSTS */
 #endif /* HEADER_CURL_HSTS_H */
diff --git a/lib/transfer.c b/lib/transfer.c
index 2b06566f73..b576e6b88d 100644
--- a/lib/transfer.c
+++ b/lib/transfer.c
@@ -554,8 +554,9 @@ CURLcode Curl_pretransfer(struct Curl_easy *data)
   if(!result && data->state.resolve)
     result = Curl_loadhostpairs(data);
 
-  /* If there is a list of hsts files to read */
-  Curl_hsts_loadfiles(data);
+  if(!result)
+    /* If there is a list of hsts files to read */
+    result = Curl_hsts_loadfiles(data);
 
   if(!result) {
     /* Allow data->set.use_port to set which port to use. This needs to be
@@ -608,7 +609,7 @@ CURLcode Curl_pretransfer(struct Curl_easy *data)
    * basically anything through an HTTP proxy we cannot limit this based on
    * protocol.
    */
-  if(data->set.str[STRING_USERAGENT]) {
+  if(!result && data->set.str[STRING_USERAGENT]) {
     free(data->state.aptr.uagent);
     data->state.aptr.uagent =
       curl_maprintf("User-Agent: %s\r\n", data->set.str[STRING_USERAGENT]);