Message ID | 20210811150231.31690-1-nick.child@ibm.com |
---|---|
State | Accepted |
Headers | show |
Series | secvar: Free md context on hash error | expand |
On 8/11/21 8:32 PM, Nick Child wrote: > There were a few instances in `get_hash_to_verify` where NULL is > returned before unallocating the md context. This commit ensures that > this memory is properly freed before returning. > > Signed-off-by: Nick Child <nick.child@ibm.com> Thanks! Merged to master as 7744e8ac4. -Vasant
diff --git a/libstb/secvar/backend/edk2-compat-process.c b/libstb/secvar/backend/edk2-compat-process.c index bd7a0abb..770c3706 100644 --- a/libstb/secvar/backend/edk2-compat-process.c +++ b/libstb/secvar/backend/edk2-compat-process.c @@ -643,7 +643,7 @@ static char *get_hash_to_verify(const char *key, const char *new_data, || key_equals(key, "dbx")) guid = EFI_IMAGE_SECURITY_DATABASE_GUID; else - return NULL; + goto out; /* Expand char name to wide character width */ varlen = strlen(key) * 2; @@ -672,7 +672,7 @@ static char *get_hash_to_verify(const char *key, const char *new_data, hash = zalloc(32); if (!hash) - return NULL; + goto out; rc = mbedtls_md_finish(&ctx, hash); if (rc) { free(hash);
There were a few instances in `get_hash_to_verify` where NULL is returned before unallocating the md context. This commit ensures that this memory is properly freed before returning. Signed-off-by: Nick Child <nick.child@ibm.com> --- libstb/secvar/backend/edk2-compat-process.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)