From 15975ddde44c6dfab03bb6e514db8a97f5fb3a6a Mon Sep 17 00:00:00 2001
From: Anthony Ramine <123095+nox@users.noreply.github.com>
Date: Mon, 2 Jun 2025 16:40:44 +0200
Subject: [PATCH] Ensure we call X509_STORE_CTX_cleanup on error path too
 (#360)

As X509_STORE_CTX_init may fail after setting some values
that should outlive the store context, we must ensure we
clean things up on its error path too.

We also know it's always ok to call X509_STORE_CTX_cleanupas X509_STORE_CTX_init starts with a call to it.
---
 boring/src/x509/mod.rs | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/boring/src/x509/mod.rs b/boring/src/x509/mod.rs
index 57a0083f..308dc85d 100644
--- a/boring/src/x509/mod.rs
+++ b/boring/src/x509/mod.rs
@@ -130,14 +130,15 @@ impl X509StoreContextRef {
         }
 
         unsafe {
+            let cleanup = Cleanup(self);
+
             cvt(ffi::X509_STORE_CTX_init(
-                self.as_ptr(),
+                cleanup.0.as_ptr(),
                 trust.as_ptr(),
                 cert.as_ptr(),
                 cert_chain.as_ptr(),
             ))?;
 
-            let cleanup = Cleanup(self);
             with_context(cleanup.0)
         }
     }