Fix bug with accessing memzero'd X509StoreContext in tests

As of https://boringssl-review.googlesource.com/c/boringssl/+/64141,
X509_STORE_CTX_cleanup will zero the memory allocated to the
X509_STORE_CTX. Because X509StoreContextRef::init invokes
X509_STORE_CTX_cleanup once the with_context closure has finished,
calling X509StoreContextRef::verify_result (or any API really) is going
to be invalid because the memory has been zeroed out. This is a pretty big
footgun, so maybe we should consider screaming a bit louder for this
case.
Rushil Mehra 2024-08-16 13:22:59 -07:00 committed by Kornel
parent c05a339911
commit 33b511331b
1 changed files with 7 additions and 7 deletions


@ -93,12 +93,12 @@ fn verify(
let mut store_ctx = X509StoreContext::new().unwrap(); let mut store_ctx = X509StoreContext::new().unwrap();
let _ = store_ctx.init(&trusted, cert, &untrusted, |ctx| { store_ctx
configure(ctx.verify_param_mut()); .init(&trusted, cert, &untrusted, |ctx| {
ctx.verify_cert().unwrap(); configure(ctx.verify_param_mut());
ctx.verify_cert().unwrap();
Ok(()) Ok(ctx.verify_result())
}); })
.expect("failed to obtain X509VerifyResult")
store_ctx.verify_result()
} }
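Review bot: The closure passed to `store_ctx.init(...)` now returns `ctx.verify_result()`, but nothing in the code records why the read has to happen there, so a later tidy-up could move it back outside `init`. I would add a comment above `Ok(ctx.verify_result())` such as `// Read the result here: init() calls X509_STORE_CTX_cleanup after the closure, which zeroes the context.` If a zeroed context reads back as error code 0, that is X509_V_OK, so the old pattern would presumably have reported success for any chain; that is worth confirming and, if it holds, stating in the comment, since this helper backs the verification tests. The `expect("failed to obtain X509VerifyResult")` message also covers a failure of `init` itself, so a wording like `"X509StoreContext::init failed"` would be more accurate. The start of `verify` lies outside this hunk.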