From 3d8d3958ea27fe2388753c0976c941d49f03a97d Mon Sep 17 00:00:00 2001
From: deepend <deepend@tilde.club>
Date: Wed, 4 Feb 2026 11:35:40 -0700
Subject: [PATCH] Updated STS parsing to treat duplicate port, duration, or
 preload keys as invalid by returning FALSE immediately when repeats are
 encountered.

---
 src/common/sts.c | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/src/common/sts.c b/src/common/sts.c
index 010904dc..b336615d 100644
--- a/src/common/sts.c
+++ b/src/common/sts.c
@@ -338,7 +338,13 @@ sts_parse_value (const char *value, guint16 *port, guint64 *duration, gboolean *
 		{
 			gint64 port_value;
 
-			if (*has_port || !val)
+			if (*has_port)
+			{
+				g_strfreev (tokens);
+				return FALSE;
+			}
+
+			if (!val)
 			{
 				continue;
 			}
@@ -354,7 +360,13 @@ sts_parse_value (const char *value, guint16 *port, guint64 *duration, gboolean *
 		{
 			guint64 duration_value;
 
-			if (*has_duration || !val)
+			if (*has_duration)
+			{
+				g_strfreev (tokens);
+				return FALSE;
+			}
+
+			if (!val)
 			{
 				continue;
 			}
@@ -367,7 +379,8 @@ sts_parse_value (const char *value, guint16 *port, guint64 *duration, gboolean *
 		{
 			if (*has_preload)
 			{
-				continue;
+				g_strfreev (tokens);
+				return FALSE;
 			}
 			*preload = TRUE;
 			*has_preload = TRUE;