From 15e03c539bc32ccdc37bede6a9f771279b168379 Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Mon, 4 Aug 2025 10:16:31 +0200
Subject: [PATCH] credential-factory: Avoid deadlock during unit tests

If a unit test times out while generating a private key (e.g. because of
a lack of entropy), this avoids a deadlock by still releasing the read
lock that'd prevent acquiring the write lock when plugins are unloaded.
---
 src/libstrongswan/credentials/credential_factory.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/libstrongswan/credentials/credential_factory.c b/src/libstrongswan/credentials/credential_factory.c
index 1fa34192d8..07e1de76e8 100644
--- a/src/libstrongswan/credentials/credential_factory.c
+++ b/src/libstrongswan/credentials/credential_factory.c
@@ -140,6 +140,8 @@ METHOD(credential_factory_t, create, void*,
 	this->recursive->set(this->recursive, (void*)level + 1);
 
 	this->lock->read_lock(this->lock);
+	/* push this in case of a timeout during unit tests */
+	thread_cleanup_push((thread_cleanup_t)this->lock->unlock, this->lock);
 	enumerator = this->constructors->create_enumerator(this->constructors);
 	while (enumerator->enumerate(enumerator, &entry))
 	{
@@ -159,7 +161,7 @@ METHOD(credential_factory_t, create, void*,
 		}
 	}
 	enumerator->destroy(enumerator);
-	this->lock->unlock(this->lock);
+	thread_cleanup_pop(TRUE);
 
 	if (!construct && !level)
 	{
-- 
2.47.2