From db32c0721f9cfbefe6a42b828ef7bfc4b40f71ac Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Fri, 28 Nov 2025 23:59:23 +0100
Subject: [PATCH] rustls: verify that verifier_builder is not NULL

Since this function returns allocated resources there is probably at
least a theoretical risk this can return NULL.

Pointed out by ZeroPath

Closes #19756
---
 lib/vtls/rustls.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/vtls/rustls.c b/lib/vtls/rustls.c
index e4251a9151..0c13cc81ee 100644
--- a/lib/vtls/rustls.c
+++ b/lib/vtls/rustls.c
@@ -750,6 +750,10 @@ init_config_builder_verifier(struct Curl_easy *data,
   }
 
   verifier_builder = rustls_web_pki_server_cert_verifier_builder_new(roots);
+  if(!verifier_builder) {
+    result = CURLE_OUT_OF_MEMORY;
+    goto cleanup;
+  }
 
   if(conn_config->CRLfile) {
     result = init_config_builder_verifier_crl(data,