Security-58286.260.20.tar.gz

[apple/security.git] / OSX / libsecurity_keychain / lib / KeyItem.cpp

diff --git a/OSX/libsecurity_keychain/lib/KeyItem.cpp b/OSX/libsecurity_keychain/lib/KeyItem.cpp
index 12f7113fa1700a05ea2419aa9c64b389d81ed39d..fed9dae0607ca31255587013a143ef23a3f71e4f 100644 (file)
--- a/OSX/libsecurity_keychain/lib/KeyItem.cpp
+++ b/OSX/libsecurity_keychain/lib/KeyItem.cpp
@@ -81,6 +81,7 @@ KeyItem::operator CFTypeRef() const throw()
 
     if (mWeakSecKeyRef != NULL) {
         if (_CFTryRetain(mWeakSecKeyRef) == NULL) {
+            StMaybeLock<Mutex> secKeyCDSAMutex(mWeakSecKeyRef->cdsaKeyMutex);
             // mWeakSecKeyRef is not really valid, pointing to SecKeyRef which going to die - it is somewhere between last CFRelease and entering into mutex-protected section of SecCDSAKeyDestroy.  Avoid using it, pretend that no enveloping SecKeyRef exists.  But make sure that this KeyImpl is disconnected from this about-to-die SecKeyRef, because we do not want KeyImpl connected to it to be really destroyed, it will be connected to newly created SecKeyRef (see below).
             mWeakSecKeyRef->key = NULL;
             mWeakSecKeyRef = NULL;
@@ -488,7 +489,7 @@ KeyItem::key()
         } catch(CssmError cssme) {
             mKey.release();
             secnotice("integrity", "error while checking integrity, denying access: %s", cssme.what());
-            throw cssme;
+            throw;
         }
     }