From 323bb7b8cbfd7323afcf6d0509b5452db2b3020a Mon Sep 17 00:00:00 2001
From: botengyao <boteng@google.com>
Date: Mon, 26 Aug 2024 10:40:24 -0400
Subject: [PATCH] tls: fix openssl 509 null chain malloc leak (#35841)

Signed-off-by: Boteng Yao <boteng@google.com>
---
 test/common/tls/utility_test.cc | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/test/common/tls/utility_test.cc b/test/common/tls/utility_test.cc
index 7f028922fa31..7a3be622ab29 100644
--- a/test/common/tls/utility_test.cc
+++ b/test/common/tls/utility_test.cc
@@ -223,11 +223,12 @@ TEST(UtilityTest, TestMapX509Stack) {
   auto func = [](X509& cert) -> std::string { return Utility::getSubjectFromCertificate(cert); };
   EXPECT_EQ(expected_subject, Utility::mapX509Stack(*cert_chain, func));
 
-  EXPECT_ENVOY_BUG(Utility::mapX509Stack(*sk_X509_new_null(), func), "x509 stack is empty or NULL");
+  bssl::UniquePtr<STACK_OF(X509)> empty_chain(sk_X509_new_null());
+  EXPECT_ENVOY_BUG(Utility::mapX509Stack(*empty_chain, func), "x509 stack is empty or NULL");
   EXPECT_ENVOY_BUG(Utility::mapX509Stack(*cert_chain, nullptr), "field_extractor is nullptr");
-  bssl::UniquePtr<STACK_OF(X509)> fakeCertChain(sk_X509_new_null());
-  sk_X509_push(fakeCertChain.get(), nullptr);
-  EXPECT_EQ(std::vector<std::string>{""}, Utility::mapX509Stack(*fakeCertChain, func));
+  bssl::UniquePtr<STACK_OF(X509)> fake_cert_chain(sk_X509_new_null());
+  sk_X509_push(fake_cert_chain.get(), nullptr);
+  EXPECT_EQ(std::vector<std::string>{""}, Utility::mapX509Stack(*fake_cert_chain, func));
 }
 
 } // namespace