Fix memory leak cause by race condition when creating public keys.

Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.

diff --git a/crypto/asn1/x_pubkey.c b/crypto/asn1/x_pubkey.c
index 91c2756116111e8e17fe1021e4f70b2b4b90bdf6..94d9f7ebab98979ff2da203a9e91590db24411d1 100644 (file)
--- a/crypto/asn1/x_pubkey.c
+++ b/crypto/asn1/x_pubkey.c
@@ -367,7 +367,16 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
                goto err;
                }
 
-       key->pkey = ret;
+       /* Check to see if another thread set key->pkey first */
+       CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY);
+       if (key->pkey)
+               {
+               EVP_PKEY_free(ret);
+               ret = key->pkey;
+               }
+       else
+               key->pkey = ret;
+       CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
        CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY);
        return(ret);
 err: