[PATCH 1/1] efi_loader: correctly check if the HTTP protocol is found
Heinrich Schuchardt
heinrich.schuchardt at canonical.com
Mon Oct 6 15:39:03 CEST 2025
In function efi_http_service_binding_destroy_child() phandler is created as
a local variable. If efi_search_protocol() fails, phandler will hold a
random value from the stack. Even if it is not zero, we must not use it.

If efi_search_protocol() succeeds, the pointer has already been dereferenced,
so checking against NULL makes no sense here.

If ChildHandle is not a valid UEFI handle, we must return
EFI_INVALID_PARAMETER.

Use a single location for EFI_EXIT().
Addresses-Coverity-ID: CID 531974 (Unchecked return value)
Fixes: 5753dc3f6572 ("efi_loader: Prevent dereference of uninitialised variable")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt at canonical.com>
---
lib/efi_loader/efi_http.c | 16 +++++++++-------
1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/lib/efi_loader/efi_http.c b/lib/efi_loader/efi_http.c
index 9a0f2675132..2a606aa441e 100644
--- a/lib/efi_loader/efi_http.c
+++ b/lib/efi_loader/efi_http.c
@@ -460,14 +460,16 @@ static efi_status_t EFIAPI efi_http_service_binding_destroy_child(
if (!child_handle)
return EFI_EXIT(EFI_INVALID_PARAMETER);
- efi_search_protocol(child_handle, &efi_http_guid, &phandler);
-
- if (!phandler)
- return EFI_EXIT(EFI_UNSUPPORTED);
+ ret = efi_search_protocol(child_handle, &efi_http_guid, &phandler);
+ if (ret != EFI_SUCCESS) {
+ if (ret != EFI_INVALID_PARAMETER)
+ ret = EFI_UNSUPPORTED;
+ goto out;
+ }
ret = efi_delete_handle(child_handle);
if (ret != EFI_SUCCESS)
- return EFI_EXIT(ret);
+ goto out;
http_instance = phandler->protocol_interface;
efi_free_pool(http_instance->http_load_addr);
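Review bot: phandler is looked up on child_handle, but it is first read at `http_instance = phandler->protocol_interface;`, after efi_delete_handle(child_handle) has already returned successfully. If deleting the handle also releases the protocol handler entries attached to it, that read is a use after free. Loading protocol_interface into http_instance before calling efi_delete_handle() would remove the dependency on the handler outliving its handle. The ordering predates this patch, but it sits in the path being reworked, so it is worth fixing here or in a follow-up.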
@@ -476,8 +478,8 @@ static efi_status_t EFIAPI efi_http_service_binding_destroy_child(
free(phandler->protocol_interface);
num_instances--;
-
- return EFI_EXIT(EFI_SUCCESS);
+out:
+ return EFI_EXIT(ret);
}
/**
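Review bot: `free(phandler->protocol_interface);` goes through phandler once more after the handle was deleted in the previous hunk, although http_instance already holds the same pointer. Using `free(http_instance);` would drop that extra dereference of a pointer whose owner is gone. The single `out:` exit itself looks right: the success path reaches it with ret still EFI_SUCCESS from efi_delete_handle(), and num_instances is only decremented on that path.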
--
2.51.0