cmd: efidebug: always check return code from get_variable()
CID 316364 says:
> Null pointer dereferences (FORWARD_NULL)
> printf("Result total size: 0x%x\n", result->variable_total_size);
at do_efi_capsule_res().
The code is basically safe because a buffer for "result" is allocated
by malloc() and filled up by the second get_variable(), which fails any way
if the allocation has failed.
But the first (and second) get_variable() possibly returns an error other
than EFI_SUCCESS. We always need to check the return code from
get_variable() before accessing the data in "result".
While this change won't suppress CID 316364, the resulting code is much
safer.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
diff --git a/cmd/efidebug.c b/cmd/efidebug.c
index 9a2d4dd..83bc219 100644
--- a/cmd/efidebug.c
+++ b/cmd/efidebug.c
@@ -189,14 +189,16 @@
ret = EFI_CALL(RT->get_variable(var_name16, &guid, NULL, &size, NULL));
if (ret == EFI_BUFFER_TOO_SMALL) {
result = malloc(size);
+ if (!result)
+ return CMD_RET_FAILURE;
ret = EFI_CALL(RT->get_variable(var_name16, &guid, NULL, &size,
result));
- if (ret != EFI_SUCCESS) {
- free(result);
- printf("Failed to get %ls\n", var_name16);
+ }
+ if (ret != EFI_SUCCESS) {
+ free(result);
+ printf("Failed to get %ls\n", var_name16);
- return CMD_RET_FAILURE;
- }
+ return CMD_RET_FAILURE;
}
printf("Result total size: 0x%x\n", result->variable_total_size);