GitHub-Mirror/u-boot
2
0
Fork 0
mirror of https://github.com/Fishwaldo/u-boot.git synced 2025-03-15 19:51:37 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

cmd: efidebug: always check return code from get_variable()

Browse source 
CID 316364 says:
> Null pointer dereferences  (FORWARD_NULL)
>	printf("Result total size: 0x%x\n", result->variable_total_size);
at do_efi_capsule_res().

The code is basically safe because a buffer for "result" is allocated
by malloc() and filled up by the second get_variable(), which fails any way
if the allocation has failed.

But the first (and second) get_variable() possibly returns an error other
than EFI_SUCCESS. We always need to check the return code from
get_variable() before accessing the data in "result".

While this change won't suppress CID 316364, the resulting code is much
safer.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This commit is contained in:
AKASHI Takahiro 2021-01-22 10:42:48 +09:00 committed by Heinrich Schuchardt
parent 6e8c28cf52
commit 30f8222bb0
1 changed files with 7 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
cmd/efidebug.c
View file

@ -189,14 +189,16 @@ static int do_efi_capsule_res(struct cmd_tbl *cmdtp, int flag,
ret = EFI_CALL(RT->get_variable(var_name16, &guid, NULL, &size, NULL));
if (ret == EFI_BUFFER_TOO_SMALL) {
result = malloc(size);
if (!result)
return CMD_RET_FAILURE;
ret = EFI_CALL(RT->get_variable(var_name16, &guid, NULL, &size,
result));
if (ret != EFI_SUCCESS) {
free(result);
printf("Failed to get %ls\n", var_name16);
}
if (ret != EFI_SUCCESS) {
free(result);
printf("Failed to get %ls\n", var_name16);
return CMD_RET_FAILURE;
}
return CMD_RET_FAILURE;
}
printf("Result total size: 0x%x\n", result->variable_total_size);