shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2024-12-26 03:22:00 +03:00
Code

boot/efi: fix NULL dereference

Browse Source 
The comment above makes the intent of the code pretty clear:
"use security2_protocol == NULL as indicator".
So revert the condition in the check and fix the logic in the comment while
at it.

The question is how this could have ever worked: if BS->LocateProtocol
(which is supposedly optional) ever failed, we'd crash here. Strange.

Found by coverity.
This commit is contained in:
Zbigniew Jędrzejewski-Szmek 2017-11-27 12:22:56 +00:00
parent bdd73ac5c2
commit bceda88b52
1 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/boot/efi/shim.c
View File

@ -208,9 +208,9 @@ EFI_STATUS security_policy_install(void) {
return EFI_ALREADY_STARTED;
/*
* Don't bother with status here. The call is allowed
* to fail, since SECURITY2 was introduced in PI 1.2.1
* If it fails, use security2_protocol == NULL as indicator
* Don't bother with status here. The call is allowed
* to fail, since SECURITY2 was introduced in PI 1.2.1.
* Use security2_protocol == NULL as indicator.
*/
uefi_call_wrapper(BS->LocateProtocol, 3, (EFI_GUID*) &security2_protocol_guid, NULL, (VOID**) &security2_protocol);
@ -219,14 +219,14 @@ EFI_STATUS security_policy_install(void) {
if (status != EFI_SUCCESS)
return status;
if (!security2_protocol) {
esfas = security_protocol->FileAuthenticationState;
security_protocol->FileAuthenticationState = security_policy_authentication;
if (security2_protocol) {
es2fa = security2_protocol->FileAuthentication;
security2_protocol->FileAuthentication = security2_policy_authentication;
}
esfas = security_protocol->FileAuthenticationState;
security_protocol->FileAuthenticationState = security_policy_authentication;
return EFI_SUCCESS;
}