efi_loader: capsule: Record capsule result only if capsule is read

Record capsule update result only if the capsule file is
successfully read, because the capsule GUID is not sure when
the file can not be read or the file is not a capsule.
Without this fix, if user puts a dummy (non-capsule) file
under (ESP)EFI/UpdateCapsule, U-Boot causes a synchronous
abort.

This also fixes use-after-free bug of the 'capsule' variable.

Fixes: c74cd8bd08d1 ("efi_loader: capsule: add capsule_on_disk support")
Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c
index 850937fd120f33b9f091342980fe4f0b8108cea8..502bcfca6ec9f9230cbb71124dab09477062a00d 100644 (file)
--- a/lib/efi_loader/efi_capsule.c
+++ b/lib/efi_loader/efi_capsule.c
@@ -1108,13 +1108,13 @@ efi_status_t efi_launch_capsules(void)
                                log_err("Applying capsule %ls failed\n",
                                        files[i]);
 
+                       /* create CapsuleXXXX */
+                       set_capsule_result(index, capsule, ret);
+
                        free(capsule);
                } else {
                        log_err("Reading capsule %ls failed\n", files[i]);
                }
-               /* create CapsuleXXXX */
-               set_capsule_result(index, capsule, ret);
-
                /* delete a capsule either in case of success or failure */
                ret = efi_capsule_delete_file(files[i]);
                if (ret != EFI_SUCCESS)