From: Daniel Stenberg Date: Sun, 19 Oct 2025 14:12:56 +0000 (+0200) Subject: tool_operate: return error on strdup() failure X-Git-Tag: rc-8_17_0-2~7 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=4c636b2dc1fb94e554f8885e595888a20cca11fc;p=thirdparty%2Fcurl.git tool_operate: return error on strdup() failure In src/tool_operate.c inside the Windows safe-search branch (#ifdef CURL_CA_SEARCH_SAFE), the code assigns config->cacert = strdup(cacert); at line 2076 without checking whether strdup returned NULL. This would allow the code to continue with the wrong value set, causing possible confusion. Pointed out by ZeroPath Closes #19145 --- diff --git a/src/tool_operate.c b/src/tool_operate.c index 00a98b360b..0c03114d40 100644 --- a/src/tool_operate.c +++ b/src/tool_operate.c @@ -2072,6 +2072,10 @@ static CURLcode cacertpaths(struct OperationConfig *config) if(cafile) { curlx_fclose(cafile); config->cacert = strdup(cacert); + if(!config->cacert) { + result = CURLE_OUT_OF_MEMORY; + goto fail; + } } #elif !defined(CURL_WINDOWS_UWP) && !defined(UNDER_CE) && \ !defined(CURL_DISABLE_CA_SEARCH)
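
Review bot: The new `goto fail` after `config->cacert = strdup(cacert);` relies on a `fail` label and a `result` variable that both sit outside the context shown, so it is worth confirming that `fail` releases whatever `cacertpaths()` allocated before this point and that the function returns `result` rather than a fixed value. `curlx_fclose(cafile)` already runs before the `strdup()` call, so the file handle is not leaked on the new error path. A short comment above the check would help future readers: with `config->cacert` left NULL the tool would carry on without the CA file it had just located, which appears to be the "wrong value" the commit message refers to. The `#elif` branch that follows is cut off in this hunk; any string duplication there deserves the same NULL check.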