From b1ab0ec473fb768c24e8f20576e5652a6d0fb9ab Mon Sep 17 00:00:00 2001
From: Steven Fackler <sfackler@palantir.com>
Date: Mon, 12 Feb 2018 09:32:26 -0800
Subject: [PATCH] Don't leak X509s

---
 openssl/src/x509/store.rs | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/openssl/src/x509/store.rs b/openssl/src/x509/store.rs
index 876e42466..4d6bc9ab2 100644
--- a/openssl/src/x509/store.rs
+++ b/openssl/src/x509/store.rs
@@ -30,7 +30,7 @@
 //!     builder.set_issuer_name(&name).unwrap();
 //!     builder.set_pubkey(&pkey).unwrap();
 //!     builder.sign(&pkey, MessageDigest::sha256()).unwrap();
-//! 
+//!
 //!     let certificate: X509 = builder.build();
 //!
 //!     let mut builder = X509StoreBuilder::new().unwrap();
@@ -52,7 +52,7 @@ foreign_type! {
     type CType = ffi::X509_STORE;
     fn drop = ffi::X509_STORE_free;
 
-    /// A builder type used to construct an `X509Store`. 
+    /// A builder type used to construct an `X509Store`.
     pub struct X509StoreBuilder;
     /// Reference to an `X509StoreBuilder`.
     pub struct X509StoreBuilderRef;
@@ -80,11 +80,10 @@ impl X509StoreBuilder {
 
 impl X509StoreBuilderRef {
     /// Adds a certificate to the certificate store.
+    // FIXME should take an &X509Ref
     pub fn add_cert(&mut self, cert: X509) -> Result<(), ErrorStack> {
         unsafe {
-            let ptr = cert.as_ptr();
-            mem::forget(cert); // the cert will be freed inside of X509_STORE_add_cert on error
-            cvt(ffi::X509_STORE_add_cert(self.as_ptr(), ptr)).map(|_| ())
+            cvt(ffi::X509_STORE_add_cert(self.as_ptr(), cert.as_ptr())).map(|_| ())
         }
     }
 
-- 
GitLab