From 33b511331b6cccf42bc75058af075e4ef9fbd697 Mon Sep 17 00:00:00 2001
From: Rushil Mehra
Date: Fri, 16 Aug 2024 13:22:59 -0700
Subject: [PATCH] Fix bug with accessing memzero'd X509StoreContext in tests

As of https://boringssl-review.googlesource.com/c/boringssl/+/64141, X509_STORE_CTX_cleanup will zero the memory allocated to the X509_STORE_CTX. Because X509StoreContextRef::init invokes X509_STORE_CTX_cleanup once the with_context closure has finished, calling X509StoreContextRef::verify_result (or any API really) is going to be invalid because memory has been zerod out. This is a pretty big footgun, so maybe we should consider screaming a bit louder for this case.
---
 boring/src/x509/tests/trusted_first.rs | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/boring/src/x509/tests/trusted_first.rs b/boring/src/x509/tests/trusted_first.rs
index 9823072f..d79ff2e3 100644
--- a/boring/src/x509/tests/trusted_first.rs
+++ b/boring/src/x509/tests/trusted_first.rs
@@ -93,12 +93,12 @@ fn verify(

 let mut store_ctx = X509StoreContext::new().unwrap();

- let _ = store_ctx.init(&trusted, cert, &untrusted, |ctx| {
- configure(ctx.verify_param_mut());
- ctx.verify_cert().unwrap();
+ store_ctx
+ .init(&trusted, cert, &untrusted, |ctx| {
+ configure(ctx.verify_param_mut());
+ ctx.verify_cert().unwrap();

- Ok(())
- });
-
- store_ctx.verify_result()
+ Ok(ctx.verify_result())
+ })
+ .expect("failed to obtain X509VerifyResult")
 }
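Review bot: The new `Ok(ctx.verify_result())` line has no comment saying that the result must be read inside the closure, so a later tidy-up could move the call back out after `init` and reintroduce the bug. Per the commit message, `init` runs `X509_STORE_CTX_cleanup` once the closure returns and BoringSSL now zeroes the context there; a zeroed error field would presumably read as `X509_V_OK`, so the old pattern fails open instead of failing loudly, which matters for any test that expects a chain to be rejected. I would add above that line: `// Must be read here: init() calls X509_STORE_CTX_cleanup on return, which zeroes the ctx.` The body of `verify` starts above the hunk, so this is based only on the lines shown.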