From 3fdff6be40b01423aacf2c02eb3b4ef6d2186caf Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Wed, 6 May 2020 01:37:25 +0200 Subject: efi_loader: error handling in efi_set_variable_common(). Fix unreachable code. Free memory on error. Signed-off-by: Heinrich Schuchardt --- lib/efi_loader/efi_variable.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/efi_loader/efi_variable.c') diff --git a/lib/efi_loader/efi_variable.c b/lib/efi_loader/efi_variable.c index 58f8fae358..33df52e663 100644 --- a/lib/efi_loader/efi_variable.c +++ b/lib/efi_loader/efi_variable.c @@ -981,7 +981,7 @@ static efi_status_t efi_set_variable_common(u16 *variable_name, if (append) { old_data = malloc(old_size); if (!old_data) { - return EFI_OUT_OF_RESOURCES; + ret = EFI_OUT_OF_RESOURCES; goto err; } ret = EFI_CALL(efi_get_variable(variable_name, vendor, -- cgit From 306bf6e7ff9b267e4c38f8f38900cb93fa96b62b Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Wed, 6 May 2020 01:51:04 +0200 Subject: efi_loader: do not unnecessarily use EFI_CALL() There is no need to call efi_get_variable() instead of efi_get_variable_common(). So let's use the internal function. Move forward declarations to the top of the file. Signed-off-by: Heinrich Schuchardt --- lib/efi_loader/efi_variable.c | 34 +++++++++++++++++++--------------- 1 file changed, 19 insertions(+), 15 deletions(-) (limited to 'lib/efi_loader/efi_variable.c') diff --git a/lib/efi_loader/efi_variable.c b/lib/efi_loader/efi_variable.c index 33df52e663..568bd3ccfd 100644 --- a/lib/efi_loader/efi_variable.c +++ b/lib/efi_loader/efi_variable.c @@ -30,6 +30,18 @@ static u8 efi_vendor_keys; #define READ_ONLY BIT(31) +static efi_status_t efi_get_variable_common(u16 *variable_name, + const efi_guid_t *vendor, + u32 *attributes, + efi_uintn_t *data_size, void *data); + +static efi_status_t efi_set_variable_common(u16 *variable_name, + const efi_guid_t *vendor, + u32 attributes, + efi_uintn_t data_size, + const void *data, + bool ro_check); + /* * Mapping between EFI variables and u-boot variables: * @@ -169,13 +181,6 @@ static const char *parse_attr(const char *str, u32 *attrp, u64 *timep) return str; } -static efi_status_t efi_set_variable_common(u16 *variable_name, - const efi_guid_t *vendor, - u32 attributes, - efi_uintn_t data_size, - const void *data, - bool ro_check); - /** * efi_set_secure_state - modify secure boot state variables * @sec_boot: value of SecureBoot @@ -300,8 +305,8 @@ static efi_status_t efi_init_secure_state(void) */ size = 0; - ret = EFI_CALL(efi_get_variable(L"PK", &efi_global_variable_guid, - NULL, &size, NULL)); + ret = efi_get_variable_common(L"PK", &efi_global_variable_guid, + NULL, &size, NULL); if (ret == EFI_BUFFER_TOO_SMALL) { if (IS_ENABLED(CONFIG_EFI_SECURE_BOOT)) mode = EFI_MODE_USER; @@ -587,8 +592,7 @@ static efi_status_t efi_variable_authenticate(u16 *variable, } #endif /* CONFIG_EFI_SECURE_BOOT */ -static -efi_status_t EFIAPI efi_get_variable_common(u16 *variable_name, +static efi_status_t efi_get_variable_common(u16 *variable_name, const efi_guid_t *vendor, u32 *attributes, efi_uintn_t *data_size, void *data) @@ -893,8 +897,8 @@ static efi_status_t efi_set_variable_common(u16 *variable_name, /* check if a variable exists */ old_size = 0; attr = 0; - ret = EFI_CALL(efi_get_variable(variable_name, vendor, &attr, - &old_size, NULL)); + ret = efi_get_variable_common(variable_name, vendor, &attr, + &old_size, NULL); append = !!(attributes & EFI_VARIABLE_APPEND_WRITE); attributes &= ~(u32)EFI_VARIABLE_APPEND_WRITE; delete = !append && (!data_size || !attributes); @@ -984,8 +988,8 @@ static efi_status_t efi_set_variable_common(u16 *variable_name, ret = EFI_OUT_OF_RESOURCES; goto err; } - ret = EFI_CALL(efi_get_variable(variable_name, vendor, - &attr, &old_size, old_data)); + ret = efi_get_variable_common(variable_name, vendor, + &attr, &old_size, old_data); if (ret != EFI_SUCCESS) goto err; } else { -- cgit From 9ad15227bb92acc2bf73c60da1bcf2ae3774246d Mon Sep 17 00:00:00 2001 From: Patrick Wildt Date: Thu, 7 May 2020 02:13:18 +0200 Subject: efi_loader: efi_variable_parse_signature() returns NULL on error efi_variable_parse_signature() returns NULL on error, so IS_ERR() is an incorrect check. The goto err leads to pkcs7_free_message(), which works fine on a NULL ptr. Signed-off-by: Patrick Wildt Reviewed-by: AKASHI Takahiro --- lib/efi_loader/efi_variable.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'lib/efi_loader/efi_variable.c') diff --git a/lib/efi_loader/efi_variable.c b/lib/efi_loader/efi_variable.c index 568bd3ccfd..60c1201757 100644 --- a/lib/efi_loader/efi_variable.c +++ b/lib/efi_loader/efi_variable.c @@ -524,9 +524,8 @@ static efi_status_t efi_variable_authenticate(u16 *variable, var_sig = efi_variable_parse_signature(auth->auth_info.cert_data, auth->auth_info.hdr.dwLength - sizeof(auth->auth_info)); - if (IS_ERR(var_sig)) { + if (!var_sig) { debug("Parsing variable's signature failed\n"); - var_sig = NULL; goto err; } -- cgit