From 30de95bbc64f2a66bd4cd1bf10483f41272c274d Mon Sep 17 00:00:00 2001
From: Daniel Stenberg
Date: Tue, 27 Dec 2022 11:50:23 +0100
Subject: [PATCH 1/5] [Backport] hsts: handle adding the same host name again

Offering: RTOS
CVE: CVE-2023-23914
Reference: https://github.com/curl/curl/commit/ca02a77f05bd5cef20618c8f741aa48b7be0a648
DTS/AR: DTS2023021511961
type: LTS
reason: It will then use the largest expire time of the two entries.
(cherry picked from commit ca02a77f05bd5cef20618c8f741aa48b7be0a648)
Conflicts:
	lib/hsts.c
Signed-off-by: chenzanyu
---
 lib/hsts.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/lib/hsts.c b/lib/hsts.c
index 1d0263cdf..525d2f2b1 100644
--- a/lib/hsts.c
+++ b/lib/hsts.c
@@ -394,14 +394,23 @@ static CURLcode hsts_add(struct hsts *h, char *line)
                   host, date);
   if(2 == rc) {
     time_t expires = Curl_getdate_capped(date);
-    CURLcode result;
+    CURLcode result = CURLE_OK;
     char *p = host;
     bool subdomain = FALSE;
+    struct stsentry *e;
     if(p[0] == '.') {
       p++;
       subdomain = TRUE;
     }
-    result = hsts_create(h, p, subdomain, expires);
+    /* only add it if not already present */
+    e = Curl_hsts(h, p, subdomain);
+    if(!e)
+      result = hsts_create(h, p, subdomain, expires);
+    else {
+      /* the same host name, use the largest expire time */
+      if(expires > e->expires)
+        e->expires = expires;
+    }
     if(result)
       return result;
   }
-- 
2.35.1.windows.2
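Review bot: The merge branch treats `e` as an entry for the same host as `p`, but Curl_hsts() is called with `subdomain` set and, if that lookup also matches a parent domain's includeSubDomains entry as its signature suggests, loading `.sub.example.com` after `example.com` would extend the parent's expiry instead of creating the subdomain entry. Guard the merge with an explicit hostname comparison before touching `e->expires`, e.g. `else if(strcasecompare(p, e->host)) {` (confirm the entry's host field name against the struct), and let a non-matching entry fall through to hsts_create(). The merge also leaves the existing entry's includeSubDomains flag untouched when the re-added line carries the leading dot; if that is intended, say so in the comment, e.g. `/* same host already present: keep its flags, only extend the expiry */`. hsts_add() begins before this hunk and continues after it.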