From 4c636b2dc1fb94e554f8885e595888a20cca11fc Mon Sep 17 00:00:00 2001
From: Daniel Stenberg
Date: Sun, 19 Oct 2025 16:12:56 +0200
Subject: [PATCH] tool_operate: return error on strdup() failure

In src/tool_operate.c inside the Windows safe-search branch (#ifdef CURL_CA_SEARCH_SAFE), the code assigns config->cacert = strdup(cacert); at line 2076 without checking whether strdup returned NULL. This would allow the code to continue with the wrong value set, causing possible confusion.

Pointed out by ZeroPath
Closes #19145
---
 src/tool_operate.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/tool_operate.c b/src/tool_operate.c
index 00a98b360b..0c03114d40 100644
--- a/src/tool_operate.c
+++ b/src/tool_operate.c
@@ -2072,6 +2072,10 @@ static CURLcode cacertpaths(struct OperationConfig *config)
 if(cafile) {
 curlx_fclose(cafile);
 config->cacert = strdup(cacert);
+ if(!config->cacert) {
+ result = CURLE_OUT_OF_MEMORY;
+ goto fail;
+ }
 }
 #elif !defined(CURL_WINDOWS_UWP) && !defined(UNDER_CE) && \
 !defined(CURL_DISABLE_CA_SEARCH)
--
2.47.3
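Review bot: The new `goto fail` leaves the `if(cafile)` block while the `cacert` path is still live, and neither that buffer's ownership nor the cleanup at the `fail:` label is visible in this hunk. If `cacert` is heap-allocated, it should be released before the jump or at the label; if it is static storage, a short comment saying so would settle the question for the next reader. It would also help to record why the failure is fatal here, for example `/* OOM: do not go on without the CA bundle that was just located */` above the check, because continuing with `config->cacert` unset would presumably leave verification to a different trust store than the file that was found. cacertpaths() begins and ends outside the hunk, so both points need checking against the full function.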