From patchwork Fri Jan 22 01:42:48 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: AKASHI Takahiro X-Patchwork-Id: 368605 Delivered-To: patch@linaro.org Received: by 2002:a02:a60d:0:0:0:0:0 with SMTP id c13csp1077895jam; Thu, 21 Jan 2021 17:43:24 -0800 (PST) X-Google-Smtp-Source: ABdhPJxYuzlhEJ0w7WCTsDvWadHfhq8KNm7oe9dtwqdcp0c3DSHsDsGWYxC6wjSDrnnXYaDSfO3f X-Received: by 2002:a17:906:7798:: with SMTP id s24mr1457559ejm.19.1611279804301; Thu, 21 Jan 2021 17:43:24 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1611279804; cv=none; d=google.com; s=arc-20160816; b=J104d5EdQpOjUphRiE3wehUGKROMjk/KZyS4TNDDPgcDH0WldrygUooa43La0qyvkW V02THnYryGX6V7pey8XiY0gr+BZgmhTuf1boZYDyfhxDyP/Hms2k6PdYNFX1Y26BEcKC alZWE6obIOBX7+W2FB66Qn8nz5fX2fQTwOaJ4olLagzOWbsEP+Ee2691eC3UiTkeDmMB 4J3w8jMILfkfSBRMtNTkP0BDO2ITgkMT8m3qdJLovoyuodqsMtngQoJvli4VPGRaoLeF 0fuzVMG7GP8p1oPcPIJUFGaXU06gK5Apyh9iS8Srl5Z05q0gwCupe0sMhR+i/pEYsXDM zwfQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:message-id:date:subject:cc:to:from:dkim-signature; bh=eO/ovG39HADOWUmOxdf7U4d1dttZbVXuyfIJSrDzQf4=; b=mH7MVoc8by5hIcCFEWMvvMdo0qVFEZ5GIYpqiaDV93l/Xb/mZSV2Fw7Zyp5HBviQ+a y2T6H6EFxX+4N6FTTZeeKRL30ojZNWNwNQfZu/gXK+kKIz5iAlmCQiUCN6JB5KOrLuEN 1+b4Hsmz719xWHQbvMsww/NC+Vud0g8wwiDYaqQgx6cs8PGKH+4RHGR4Cx1JT4u+gmRW txrnSBLjHWUq5QHwenn+2//yDCvbamTBa5E6Ihqd6cbjTQ+L6DDvFmpfbGpMDP6W5AKO F2TuNDOUcSfxYwrBoCIpz/DiIpWbS6XvrBvjqf7RvtWXrGBPv6EwXcHh5ozhfPD4rRYh YAPw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=HWUFGFgL; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [85.214.62.61]) by mx.google.com with ESMTPS id b6si3131235edu.567.2021.01.21.17.43.24 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 21 Jan 2021 17:43:24 -0800 (PST) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) client-ip=85.214.62.61; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=HWUFGFgL; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 5E5CD828E3; Fri, 22 Jan 2021 02:43:19 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="HWUFGFgL"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 2E142828D6; Fri, 22 Jan 2021 02:43:16 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-pg1-x535.google.com (mail-pg1-x535.google.com [IPv6:2607:f8b0:4864:20::535]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 3D04A82827 for ; Fri, 22 Jan 2021 02:43:13 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=takahiro.akashi@linaro.org Received: by mail-pg1-x535.google.com with SMTP id n25so2632495pgb.0 for ; Thu, 21 Jan 2021 17:43:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=eO/ovG39HADOWUmOxdf7U4d1dttZbVXuyfIJSrDzQf4=; b=HWUFGFgLZHUFy5xCMjxogOunQMVEnEO66uA6cgtXiEqdzWh1vcxe1yHZUT6cHmAK6I fYkU3hOtKVJfYc12tLnHynEZXA/ONP67fF0/jhSAf1Z2Xn0CzjjOPrHaDuj4SgpUPhEM JvgEgZWFDwtNx/c5Y2X0wvf2M4hxaiwqWvlEBoDXZzm19mlAkgK+BD3w0b0UKJtpNtOG pPXCQHtNoKP2RfBS7QSgeeYdGfN3sVD6Ixa2Q6n/G8TfK/f5JdqtPMuA2UTp2tUDpUs6 x61LrrMbCJeaY6C9/aSWtmov3EbNKyhMriML7Kmtku0JkrleBRvxENYqp/HJ8JMTS3JD trKw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=eO/ovG39HADOWUmOxdf7U4d1dttZbVXuyfIJSrDzQf4=; b=BhdoaZurdGpMR8/LeKa/XWS+akDku1k8n8F5qK8L0pS5ntJNy/Xbha3NEv2eUzKeC0 66lzjFdORWcS1dMmSob/lde7R+pxl+9lCY0bsnOtIuFuKiCz4U+jCKb9WedzNdBmdEI7 KTooXDKuMJqF4L0+VJ5jLQqGVQLUtpBMVjFovy88nSOQlwMDH31mlw2+mqRiVetsbeCP 5Aups9xdfMQebyGowIC2ZUGd/a469Nfg1ZakHKSrQ1akSHct5XZvHyR0pXhtpkfh1Cak TE3IrrjgWBshhVOwIcUL95b1dYjANePXHJAnKFzoITvqQxw0Uk3mi/74H6kbtDDAO5Rw eCJA== X-Gm-Message-State: AOAM533yFbRBCT/EFVKWm5YvgFt1CHj0781KJV6XtoQrQevhPiOEAl3M VGyq7d9gP/6dqMzecWywD5Dygg== X-Received: by 2002:a62:4e43:0:b029:1a4:684c:87ea with SMTP id c64-20020a624e430000b02901a4684c87eamr2330842pfb.75.1611279791376; Thu, 21 Jan 2021 17:43:11 -0800 (PST) Received: from localhost.localdomain (p73a21355.tkyea130.ap.so-net.ne.jp. [115.162.19.85]) by smtp.gmail.com with ESMTPSA id t8sm6973912pjm.45.2021.01.21.17.43.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 21 Jan 2021 17:43:10 -0800 (PST) From: AKASHI Takahiro To: trini@konsulko.com, xypron.glpk@gmx.de, agraf@csgraf.de Cc: u-boot@lists.denx.de, AKASHI Takahiro Subject: [PATCH] cmd: efidebug: always check return code from get_variable() Date: Fri, 22 Jan 2021 10:42:48 +0900 Message-Id: <20210122014248.20514-1-takahiro.akashi@linaro.org> X-Mailer: git-send-email 2.28.0 MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.3 at phobos.denx.de X-Virus-Status: Clean CID 316364 says: > Null pointer dereferences (FORWARD_NULL) > printf("Result total size: 0x%x\n", result->variable_total_size); at do_efi_capsule_res(). The code is basically safe because a buffer for "result" is allocated by malloc() and filled up by the second get_variable(), which fails any way if the allocation has failed. But the first (and second) get_variable() possibly returns an error other than EFI_SUCCESS. We always need to check the return code from get_variable() before accessing the data in "result". While this change won't suppress CID 316364, the resulting code is much safer. Signed-off-by: AKASHI Takahiro --- cmd/efidebug.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) -- 2.28.0 Reviewed-by: Heinrich Schuchardt diff --git a/cmd/efidebug.c b/cmd/efidebug.c index 9a2d4ddd5ef4..83bc2196a5a9 100644 --- a/cmd/efidebug.c +++ b/cmd/efidebug.c @@ -189,14 +189,16 @@ static int do_efi_capsule_res(struct cmd_tbl *cmdtp, int flag, ret = EFI_CALL(RT->get_variable(var_name16, &guid, NULL, &size, NULL)); if (ret == EFI_BUFFER_TOO_SMALL) { result = malloc(size); + if (!result) + return CMD_RET_FAILURE; ret = EFI_CALL(RT->get_variable(var_name16, &guid, NULL, &size, result)); - if (ret != EFI_SUCCESS) { - free(result); - printf("Failed to get %ls\n", var_name16); + } + if (ret != EFI_SUCCESS) { + free(result); + printf("Failed to get %ls\n", var_name16); - return CMD_RET_FAILURE; - } + return CMD_RET_FAILURE; } printf("Result total size: 0x%x\n", result->variable_total_size);