X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/866f8763175ff60e4fa455b92b5eb660a12fe6c7..07691282a056c4efea71e1e505527601e8cc166b:/OSX/libsecurity_keychain/lib/KeyItem.cpp

diff --git a/OSX/libsecurity_keychain/lib/KeyItem.cpp b/OSX/libsecurity_keychain/lib/KeyItem.cpp
index 12f7113f..fed9dae0 100644
--- a/OSX/libsecurity_keychain/lib/KeyItem.cpp
+++ b/OSX/libsecurity_keychain/lib/KeyItem.cpp
@@ -81,6 +81,7 @@ KeyItem::operator CFTypeRef() const throw()
 
     if (mWeakSecKeyRef != NULL) {
         if (_CFTryRetain(mWeakSecKeyRef) == NULL) {
+            StMaybeLock<Mutex> secKeyCDSAMutex(mWeakSecKeyRef->cdsaKeyMutex);
             // mWeakSecKeyRef is not really valid, pointing to SecKeyRef which going to die - it is somewhere between last CFRelease and entering into mutex-protected section of SecCDSAKeyDestroy.  Avoid using it, pretend that no enveloping SecKeyRef exists.  But make sure that this KeyImpl is disconnected from this about-to-die SecKeyRef, because we do not want KeyImpl connected to it to be really destroyed, it will be connected to newly created SecKeyRef (see below).
             mWeakSecKeyRef->key = NULL;
             mWeakSecKeyRef = NULL;
@@ -488,7 +489,7 @@ KeyItem::key()
         } catch(CssmError cssme) {
             mKey.release();
             secnotice("integrity", "error while checking integrity, denying access: %s", cssme.what());
-            throw cssme;
+            throw;
         }
     }