X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/b54c578e17e9bcbd74aa30ea75e25e955b9a6205..refs/heads/master:/OSX/sec/Security/SecKey.m

diff --git a/OSX/sec/Security/SecKey.m b/OSX/sec/Security/SecKey.m
index 6fa9f866..35c0afab 100644
--- a/OSX/sec/Security/SecKey.m
+++ b/OSX/sec/Security/SecKey.m
@@ -170,11 +170,21 @@ static CFMutableDictionaryRef auxilliaryCDSAKeyMap;
 static struct os_unfair_lock_s auxilliaryCDSAKeyMapLock = OS_UNFAIR_LOCK_INIT;
 
 static void SecKeyDestroyAuxilliaryCDSAKeyForKey(CFTypeRef cf) {
+    CFTypeRef keyToDestroy = NULL;
     os_unfair_lock_lock(&auxilliaryCDSAKeyMapLock);
     if (auxilliaryCDSAKeyMap != NULL) {
-        CFDictionaryRemoveValue(auxilliaryCDSAKeyMap, cf);
+        keyToDestroy = CFDictionaryGetValue(auxilliaryCDSAKeyMap, cf);
+        if (keyToDestroy != NULL) {
+            CFRetain(keyToDestroy);
+            CFDictionaryRemoveValue(auxilliaryCDSAKeyMap, cf);
+        }
     }
     os_unfair_lock_unlock(&auxilliaryCDSAKeyMapLock);
+
+    // Actual aux key destruction is performed outside unfair lock to avoid recursive lock.
+    if (keyToDestroy != NULL) {
+        CFRelease(keyToDestroy);
+    }
 }
 
 void SecKeySetAuxilliaryCDSAKeyForKey(SecKeyRef cf, SecKeyRef auxKey) {
@@ -1189,7 +1199,7 @@ OSStatus SecKeyCopyPersistentRef(SecKeyRef key, CFDataRef* persistentRef)
     if (!persistentRef) {
         secerror("SecKeyCopyPersistentRef: Need a persistentRef pointer for this to work");
         return errSecParam;
-    }
+    }    
 
     CFDictionaryRef query = CFDictionaryCreateForCFTypes(kCFAllocatorDefault,
                                                          kSecReturnPersistentRef,   kCFBooleanTrue,