diff options
| author | Andrew Goodbody <andrew.goodbody@linaro.org> | 2025-07-02 11:01:37 +0100 |
|---|---|---|
| committer | Ilias Apalodimas <ilias.apalodimas@linaro.org> | 2025-07-03 11:32:49 +0300 |
| commit | 5753dc3f6572d42057a262f0e57e904e5c9cd9bc (patch) | |
| tree | 032f03159cb7d2821e09f5a7fb14a33fb68da583 | |
| parent | 9d95a35715fcb8e81ee423e31273489a47ed1563 (diff) | |
efi_loader: Prevent dereference of uninitialised variable
If phandler is returned as NULL from efi_search_protocol then
protocol_interface is never assigned to. Instead return
EFI_UNSUPPORTED as per the spec.
This issue found by Smatch.
Also eliminate the use of the variable protocol_interface as it is not
needed.
Signed-off-by: Andrew Goodbody <andrew.goodbody@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
| -rw-r--r-- | lib/efi_loader/efi_http.c | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/lib/efi_loader/efi_http.c b/lib/efi_loader/efi_http.c index 189317fe2d2..9a0f2675132 100644 --- a/lib/efi_loader/efi_http.c +++ b/lib/efi_loader/efi_http.c @@ -453,7 +453,6 @@ static efi_status_t EFIAPI efi_http_service_binding_destroy_child( efi_status_t ret = EFI_SUCCESS; struct efi_http_instance *http_instance; struct efi_handler *phandler; - void *protocol_interface; if (num_instances == 0) return EFI_EXIT(EFI_NOT_FOUND); @@ -463,18 +462,18 @@ static efi_status_t EFIAPI efi_http_service_binding_destroy_child( efi_search_protocol(child_handle, &efi_http_guid, &phandler); - if (phandler) - protocol_interface = phandler->protocol_interface; + if (!phandler) + return EFI_EXIT(EFI_UNSUPPORTED); ret = efi_delete_handle(child_handle); if (ret != EFI_SUCCESS) return EFI_EXIT(ret); - http_instance = (struct efi_http_instance *)protocol_interface; + http_instance = phandler->protocol_interface; efi_free_pool(http_instance->http_load_addr); http_instance->http_load_addr = NULL; - free(protocol_interface); + free(phandler->protocol_interface); num_instances--; |