bootstd: android: avoid possible null pointer dereference

- avb_slot_verify_data_free() doesn't check its data parameter
- out_data can be null if avb_slot_verify() fails to allocate memory

Signed-off-by: Gary Bisson <[email protected]>
Reviewed-by: Mattijs Korpershoek <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Mattijs Korpershoek <[email protected]>

1 files changed, 4 insertions, 2 deletions

diff --git a/boot/bootmeth_android.c b/boot/bootmeth_android.c
index a5a86b29d7f..654ebfdf1fc 100644
--- a/boot/bootmeth_android.c
+++ b/boot/bootmeth_android.c
@@ -455,7 +455,8 @@ static int run_avb_verification(struct bootflow *bflow)
 		if (result != AVB_SLOT_VERIFY_RESULT_OK) {
 			printf("Verification failed, reason: %s\n",
 			       str_avb_slot_error(result));
-			avb_slot_verify_data_free(out_data);
+			if (out_data)
+				avb_slot_verify_data_free(out_data);
 			return log_msg_ret("avb verify", -EIO);
 		}
 		boot_state = AVB_GREEN;
@@ -465,7 +466,8 @@ static int run_avb_verification(struct bootflow *bflow)
 		    result != AVB_SLOT_VERIFY_RESULT_ERROR_VERIFICATION) {
 			printf("Unlocked verification failed, reason: %s\n",
 			       str_avb_slot_error(result));
-			avb_slot_verify_data_free(out_data);
+			if (out_data)
+				avb_slot_verify_data_free(out_data);
 			return log_msg_ret("avb verify unlocked", -EIO);
 		}
 		boot_state = AVB_ORANGE;