efi_loader: pkcs7_parse_message() returns error pointer

Thu May 7 02:17:14 CEST 2020

Since pkcs7_parse_message() returns an error pointer, we must not
check for NULL.  We have to explicitly set msg to NULL in the error
case, otherwise the call to pkcs7_free_message() on the goto err
path will assume it's a valid object.

Signed-off-by: Patrick Wildt <patrick at blueri.se>

diff --git a/lib/efi_loader/efi_image_loader.c b/lib/efi_loader/efi_image_loader.c
index 5a9a6424cc..43a53d3dd1 100644
--- a/lib/efi_loader/efi_image_loader.c
+++ b/lib/efi_loader/efi_image_loader.c
@@ -538,8 +538,9 @@ static bool efi_image_authenticate(void *efi, size_t efi_size)
 		}
 		msg = pkcs7_parse_message((void *)wincert + sizeof(*wincert),
 					  wincert->dwLength - sizeof(*wincert));
-		if (!msg) {
+		if (IS_ERR(msg)) {
 			debug("Parsing image's signature failed\n");
+			msg = NULL;
 			goto err;
 		}
 
