[PATCH 1/1] efi_loader: correctly check if the HTTP protocol is found
Ilias Apalodimas
ilias.apalodimas at linaro.org
Tue Oct 7 08:43:35 CEST 2025
On Mon, 6 Oct 2025 at 16:39, Heinrich Schuchardt
<heinrich.schuchardt at canonical.com> wrote:
>
> In function efi_http_service_binding_destroy_child() phandler is created as
> a local variable. If efi_search_protocol() fails, phandler will hold a
> random value from the stack. Even if it is not zero, we must not use it.
>
> If efi_search_protocol() succeeds, the pointer has already been dereferenced,
> so checking against NULL makes no sense here.
>
> If ChildHandle is not a valid UEFI handle, we must return
> EFI_INVALID_PARAMETER.
>
> Use a single location for EFI_EXIT().
>
> Addresses-Coverity-ID: CID 531974 (Unchecked return value)
> Fixes: 5753dc3f6572 ("efi_loader: Prevent dereference of uninitialised variable")
> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt at canonical.com>
> ---
> lib/efi_loader/efi_http.c | 16 +++++++++-------
> 1 file changed, 9 insertions(+), 7 deletions(-)
>
> diff --git a/lib/efi_loader/efi_http.c b/lib/efi_loader/efi_http.c
> index 9a0f2675132..2a606aa441e 100644
> --- a/lib/efi_loader/efi_http.c
> +++ b/lib/efi_loader/efi_http.c
> @@ -460,14 +460,16 @@ static efi_status_t EFIAPI efi_http_service_binding_destroy_child(
> if (!child_handle)
> return EFI_EXIT(EFI_INVALID_PARAMETER);
>
> - efi_search_protocol(child_handle, &efi_http_guid, &phandler);
> -
> - if (!phandler)
> - return EFI_EXIT(EFI_UNSUPPORTED);
> + ret = efi_search_protocol(child_handle, &efi_http_guid, &phandler);
> + if (ret != EFI_SUCCESS) {
> + if (ret != EFI_INVALID_PARAMETER)
> + ret = EFI_UNSUPPORTED;
> + goto out;
> + }
>
> ret = efi_delete_handle(child_handle);
> if (ret != EFI_SUCCESS)
> - return EFI_EXIT(ret);
> + goto out;
>
> http_instance = phandler->protocol_interface;
> efi_free_pool(http_instance->http_load_addr);
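Review bot: phandler is still dereferenced after efi_delete_handle(child_handle) has succeeded, in the context line `http_instance = phandler->protocol_interface;`. phandler was looked up on child_handle, so if deleting the handle also releases its protocol handlers, this reads freed memory. Since this patch already reorders the error handling here, consider reading `phandler->protocol_interface` into http_instance right after the successful efi_search_protocol() and only then calling efi_delete_handle(). Separately, the mapping of every status other than EFI_INVALID_PARAMETER to EFI_UNSUPPORTED deserves a one-line comment saying why.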
> @@ -476,8 +478,8 @@ static efi_status_t EFIAPI efi_http_service_binding_destroy_child(
> free(phandler->protocol_interface);
>
> num_instances--;
> -
> - return EFI_EXIT(EFI_SUCCESS);
> +out:
> + return EFI_EXIT(ret);
> }
>
> /**
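Review bot: Style point at the new `out:` label: the blank line after `num_instances--;` was dropped, so the label now sits directly against the last statement of the success path. Keeping a blank line before `out:` makes the shared exit easier to spot. On the context line above, `free(phandler->protocol_interface);` goes through phandler again although the first hunk already stored that pointer in http_instance; `free(http_instance);` would avoid the extra dereference.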
> --
> 2.51.0
>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas at linaro.org>