[PATCH v2 2/2] efi_loader: fix memory leak in efi_sigstore_parse_siglist
Ilias Apalodimas
ilias.apalodimas at linaro.org
Tue Jun 30 08:42:51 CEST 2026
Hi Heinrich,
On Tue, 30 Jun 2026 at 02:35, Heinrich Schuchardt
<heinrich.schuchardt at canonical.com> wrote:
>
> When malloc() fails for sig_data->data, sig_data is leaked.
>
> Free sig_data before jumping to the error path.
>
> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt at canonical.com>
> ---
> v2:
> fix typo in subject
> ---
> lib/efi_loader/efi_signature.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/lib/efi_loader/efi_signature.c b/lib/efi_loader/efi_signature.c
> index 6aff5c14a89..1da656161bb 100644
> --- a/lib/efi_loader/efi_signature.c
> +++ b/lib/efi_loader/efi_signature.c
> @@ -717,6 +717,7 @@ efi_sigstore_parse_siglist(struct efi_signature_list *esl)
> sig_data->data = malloc(sig_data->size);
> if (!sig_data->data) {
> EFI_PRINT("Out of memory\n");
> + free(sig_data);
I think the problem is bigger than just the last node here.
efi_sigstore_free() walks sigstore->sig_data_list to free the
allocated memory. However, that's only assigned after everything has
succeeded.
I think we should move the siglist->sig_data_list = sig_data_next;
within the loop and let efi_sigstore_free() deal with freeing memory
on error.
Thanks
/Ilias
> goto err;
> }
> memcpy(sig_data->data, esd->signature_data, sig_data->size);
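Review bot: the added free(sig_data) in the `if (!sig_data->data)` branch releases only the node whose data allocation just failed, and nothing in this hunk shows how nodes allocated on earlier passes are reached from `goto err`. As the reply above points out, efi_sigstore_free() walks sig_data_list, which is assigned only after everything has succeeded, so earlier nodes would still leak on this path. Consider linking each node into the list as it is created, so that the err path can free everything through efi_sigstore_free() and this extra free() becomes unnecessary. Failing that, the commit message should state that only the current node is covered.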
> --
> 2.53.0
>