From: AKASHI Takahiro Date: Fri, 22 Jan 2021 01:42:48 +0000 (+0900) Subject: cmd: efidebug: always check return code from get_variable() X-Git-Url: http://git.dujemihanovic.xyz/img/sics.gif?a=commitdiff_plain;h=30f8222bb0016eef29afdd997bd1b3cdc486fdf9;p=u-boot.git cmd: efidebug: always check return code from get_variable() CID 316364 says: > Null pointer dereferences (FORWARD_NULL) > printf("Result total size: 0x%x\n", result->variable_total_size); at do_efi_capsule_res(). The code is basically safe because a buffer for "result" is allocated by malloc() and filled up by the second get_variable(), which fails any way if the allocation has failed. But the first (and second) get_variable() possibly returns an error other than EFI_SUCCESS. We always need to check the return code from get_variable() before accessing the data in "result". While this change won't suppress CID 316364, the resulting code is much safer. Signed-off-by: AKASHI Takahiro Signed-off-by: Heinrich Schuchardt --- diff --git a/cmd/efidebug.c b/cmd/efidebug.c index 9a2d4ddd5e..83bc2196a5 100644 --- a/cmd/efidebug.c +++ b/cmd/efidebug.c @@ -189,14 +189,16 @@ static int do_efi_capsule_res(struct cmd_tbl *cmdtp, int flag, ret = EFI_CALL(RT->get_variable(var_name16, &guid, NULL, &size, NULL)); if (ret == EFI_BUFFER_TOO_SMALL) { result = malloc(size); + if (!result) + return CMD_RET_FAILURE; ret = EFI_CALL(RT->get_variable(var_name16, &guid, NULL, &size, result)); - if (ret != EFI_SUCCESS) { - free(result); - printf("Failed to get %ls\n", var_name16); + } + if (ret != EFI_SUCCESS) { + free(result); + printf("Failed to get %ls\n", var_name16); - return CMD_RET_FAILURE; - } + return CMD_RET_FAILURE; } printf("Result total size: 0x%x\n", result->variable_total_size);