Fix bug with accessing memzero'd X509StoreContext in tests

As of https://boringssl-review.googlesource.com/c/boringssl/+/64141, X509_STORE_CTX_cleanup will zero the memory allocated to the X509_STORE_CTX. Because X509StoreContextRef::init invokes X509_STORE_CTX_cleanup once the with_context closure has finished, calling X509StoreContextRef::verify_result (or any API really) is going to be invalid because memory has been zerod out. This is a pretty big footgun, so maybe we should consider screaming a bit louder for this case.
cloudflare · Aug 16, 2024 · ae7a587 · ae7a587
1 parent ad1f9bb
commit ae7a587
Showing 1 changed file with 8 additions and 8 deletions.
diff --git a/boring/src/x509/tests/trusted_first.rs b/boring/src/x509/tests/trusted_first.rs
@@ -93,12 +93,12 @@ fn verify(
 
     let mut store_ctx = X509StoreContext::new().unwrap();
 
-    let _ = store_ctx.init(&trusted, cert, &untrusted, |ctx| {
-        configure(ctx.verify_param_mut());
-        ctx.verify_cert().unwrap();
-
-        Ok(())
-    });
-
-    store_ctx.verify_result()
+    store_ctx
+        .init(&trusted, cert, &untrusted, |ctx| {
+            configure(ctx.verify_param_mut());
+            ctx.verify_cert().unwrap();
+
+            Ok(ctx.verify_result())
+        })
+        .expect("failed to obtain X509VerifyResult")
 }