tool_operate: return error on strdup() failure
authorDaniel Stenberg <daniel@haxx.se>
Sun, 19 Oct 2025 14:12:56 +0000 (16:12 +0200)
committerDaniel Stenberg <daniel@haxx.se>
Sun, 19 Oct 2025 21:47:00 +0000 (23:47 +0200)
In src/tool_operate.c inside the Windows safe-search branch (#ifdef
CURL_CA_SEARCH_SAFE), the code assigns config->cacert = strdup(cacert);
at line 2076 without checking whether strdup returned NULL.

This would allow the code to continue with the wrong value set, causing
possible confusion.

Pointed out by ZeroPath
Closes #19145

src/tool_operate.c

index 00a98b360ba04413fafaafb4a70a4483908a074e..0c03114d407261afa4c71e3c8c9557f3e51f3d4c 100644 (file)
@@ -2072,6 +2072,10 @@ static CURLcode cacertpaths(struct OperationConfig *config)
     if(cafile) {
       curlx_fclose(cafile);
       config->cacert = strdup(cacert);
+      if(!config->cacert) {
+        result = CURLE_OUT_OF_MEMORY;
+        goto fail;
+      }
     }
 #elif !defined(CURL_WINDOWS_UWP) && !defined(UNDER_CE) && \
   !defined(CURL_DISABLE_CA_SEARCH)
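Review bot: The added NULL check after `config->cacert = strdup(cacert);` jumps to `fail` with no comment saying why an allocation failure here must abort rather than continue. The reason is security-relevant: with `config->cacert` left NULL, the tool would presumably proceed without the CA bundle the safe search located and verify peers against some other trust store. I would add a short comment above the check, for example `/* never continue without the CA bundle we just located */`. Whether `cacert` itself needs releasing on this path cannot be judged from the hunk, since its declaration and the `fail:` label lie outside it; please confirm the cleanup covers it if it is heap-allocated. The body of cacertpaths() starts and ends outside the hunk.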