efi_loader: fix memory leak in efi_var_collect

Barebox has now ported some of the UEFI code. In the process they found some bugs. In this case when the variable buffer is too small, efi_var_collect() returns EFI_BUFFER_TOO_SMALL but doesn't free the allocated 'buf'. Fixes: 5f7dcf079de8c ("efi_loader: UEFI variable persistence") Signed-off-by: Ilias Apalodimas <[email protected]> Reviewed-by: Heinrich Schuchardt <[email protected]>
author: Ilias Apalodimas <[email protected]> 2026-06-19 11:38:29 +0300
committer: Heinrich Schuchardt <[email protected]> 2026-06-21 10:25:08 +0200
commit: 1f5c8eac2f299bd3a2fc748b068acbb4b90d592d (patch)
tree: 967e33122e7e7ba0d9e8926f642e2166a29788ea
parent: eb6f420836bb30e8c54c140f1bea3e2c88f5b201 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/efi_loader/efi_var_common.c b/lib/efi_loader/efi_var_common.c
index d63c2d1b1cd..e51b21fe0b0 100644
--- a/lib/efi_loader/efi_var_common.c
+++ b/lib/efi_loader/efi_var_common.c
@@ -446,8 +446,10 @@ efi_status_t __maybe_unused efi_var_collect(struct efi_var_file **bufp, loff_t *
 		efi_status_t ret;
 
 		if ((uintptr_t)buf + len <=
-		    (uintptr_t)var->name + old_var_name_length)
+		    (uintptr_t)var->name + old_var_name_length) {
+			free(buf);
 			return EFI_BUFFER_TOO_SMALL;
+		}
 
 		var_name_length = (uintptr_t)buf + len - (uintptr_t)var->name;
 		memcpy(var->name, old_var->name, old_var_name_length);
author	Ilias Apalodimas <[email protected]>	2026-06-19 11:38:29 +0300
committer	Heinrich Schuchardt <[email protected]>	2026-06-21 10:25:08 +0200
commit	1f5c8eac2f299bd3a2fc748b068acbb4b90d592d (patch)
tree	967e33122e7e7ba0d9e8926f642e2166a29788ea
parent	eb6f420836bb30e8c54c140f1bea3e2c88f5b201 (diff)