From 11a64138f5f3525c2b02059e316701c4f55714cb Mon Sep 17 00:00:00 2001 From: Andrew Goodbody Date: Fri, 3 Oct 2025 15:54:34 +0100 Subject: efi_loader: Prevent leak of memory from tmp_files After the malloc of tmp_files and before its value is recorded an early exit will need to free tmp_files to prevent leaking that memory. This issue was found by Smatch. Signed-off-by: Andrew Goodbody Reviewed-by: Heinrich Schuchardt --- lib/efi_loader/efi_capsule.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'lib/efi_loader') diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c index f19e78ae9d1..31b47a20186 100644 --- a/lib/efi_loader/efi_capsule.c +++ b/lib/efi_loader/efi_capsule.c @@ -1096,8 +1096,10 @@ static efi_status_t efi_capsule_scan_dir(u16 ***files, unsigned int *num) while (1) { tmp_size = dirent_size; ret = EFI_CALL((*dirh->read)(dirh, &tmp_size, dirent)); - if (ret != EFI_SUCCESS) + if (ret != EFI_SUCCESS) { + free(tmp_files); goto err; + } if (!tmp_size) break; -- cgit v1.2.3 From 163f9d04fbd19cd1c39f2adad92e770b0a94a3a4 Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Mon, 6 Oct 2025 15:39:03 +0200 Subject: efi_loader: correctly check if the HTTP protocol is found In function efi_http_service_binding_destroy_child() phandler is created as as a local variable. If efi_search_protocol() fails, phandler will hold a random value from the stack. Even it is not zero, we must not use it. If efi_search_protocol() succeeds, the pointer has already be dereferenced, so checking against NULL makes not sense here. If ChildHandle is not a valid UEFI handle, we must return EFI_INVALID_PARAMETER. Use a single location for EFI_EXIT(). Addresses-Coverity-ID: CID 531974 (Unchecked return value) Fixes: 5753dc3f6572 ("efi_loader: Prevent dereference of uninitialised variable") Reviewed-by: Ilias Apalodimas Reviewed-by: Simon Glass Signed-off-by: Heinrich Schuchardt --- lib/efi_loader/efi_http.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) (limited to 'lib/efi_loader') diff --git a/lib/efi_loader/efi_http.c b/lib/efi_loader/efi_http.c index 9a0f2675132..2a606aa441e 100644 --- a/lib/efi_loader/efi_http.c +++ b/lib/efi_loader/efi_http.c @@ -460,14 +460,16 @@ static efi_status_t EFIAPI efi_http_service_binding_destroy_child( if (!child_handle) return EFI_EXIT(EFI_INVALID_PARAMETER); - efi_search_protocol(child_handle, &efi_http_guid, &phandler); - - if (!phandler) - return EFI_EXIT(EFI_UNSUPPORTED); + ret = efi_search_protocol(child_handle, &efi_http_guid, &phandler); + if (ret != EFI_SUCCESS) { + if (ret != EFI_INVALID_PARAMETER) + ret = EFI_UNSUPPORTED; + goto out; + } ret = efi_delete_handle(child_handle); if (ret != EFI_SUCCESS) - return EFI_EXIT(ret); + goto out; http_instance = phandler->protocol_interface; efi_free_pool(http_instance->http_load_addr); @@ -476,8 +478,8 @@ static efi_status_t EFIAPI efi_http_service_binding_destroy_child( free(phandler->protocol_interface); num_instances--; - - return EFI_EXIT(EFI_SUCCESS); +out: + return EFI_EXIT(ret); } /** -- cgit v1.2.3 From 186b2d24075992e2c19a769578a690ea890eedb1 Mon Sep 17 00:00:00 2001 From: Ilias Apalodimas Date: Fri, 10 Oct 2025 13:59:31 +0300 Subject: efi_loader: Use ESRT_FW_TYPE_SYSTEMFIRMWARE instead of ESRT_FW_TYPE_UNKNOWN We currently set the firmware image type to ESRT_FW_TYPE_UNKNOWN. The spec defines the following: ESRT_FW_TYPE_UNKNOWN 0x00000000 ESRT_FW_TYPE_SYSTEMFIRMWARE 0x00000001 ESRT_FW_TYPE_DEVICEFIRMWARE 0x00000002 ESRT_FW_TYPE_UEFIDRIVER 0x00000003 Since we don't support updating DEVICEFIRMWARE or UEFIDRIVER types, let's switch over to SYSTEMFIRMWARE which seems more appropriate. Suggested-by: Michal Simek Signed-off-by: Ilias Apalodimas Reviewed-by: Heinrich Schuchardt --- lib/efi_loader/efi_esrt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/efi_loader') diff --git a/lib/efi_loader/efi_esrt.c b/lib/efi_loader/efi_esrt.c index e235c8fe91c..3cc389eb11c 100644 --- a/lib/efi_loader/efi_esrt.c +++ b/lib/efi_loader/efi_esrt.c @@ -236,7 +236,7 @@ efi_status_t efi_esrt_add_from_fmp(struct efi_firmware_management_protocol *fmp) * TODO: set the field image_type depending on the FW image type * defined in a platform basis. */ - u32 image_type = ESRT_FW_TYPE_UNKNOWN; + u32 image_type = ESRT_FW_TYPE_SYSTEMFIRMWARE; /* TODO: set the capsule flags as a function of the FW image type. */ u32 flags = 0; -- cgit v1.2.3 From ac59ac1b7cfe25dd09164cbe3b29c470474a8dad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vincent=20Stehl=C3=A9?= Date: Mon, 13 Oct 2025 16:21:08 +0200 Subject: efi_loader: dbginfodump: use guid definition MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Use the Debug Image Info Table GUID definition from efi_api.h instead or redefining it locally. Signed-off-by: Vincent Stehlé Cc: Heinrich Schuchardt Cc: Ilias Apalodimas Cc: Tom Rini Reviewed-by: Heinrich Schuchardt --- lib/efi_loader/dbginfodump.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'lib/efi_loader') diff --git a/lib/efi_loader/dbginfodump.c b/lib/efi_loader/dbginfodump.c index adbbd5060cc..55186bd03f4 100644 --- a/lib/efi_loader/dbginfodump.c +++ b/lib/efi_loader/dbginfodump.c @@ -24,10 +24,8 @@ static efi_guid_t guid_device_path_to_text_protocol = static struct efi_device_path_to_text_protocol *device_path_to_text; -/* EFI_DEBUG_IMAGE_INFO_TABLE_GUID */ static const efi_guid_t dbg_info_guid = - EFI_GUID(0x49152E77, 0x1ADA, 0x4764, 0xB7, 0xA2, - 0x7A, 0xFE, 0xFE, 0xD9, 0x5E, 0x8B); + EFI_DEBUG_IMAGE_INFO_TABLE_GUID; /* EFI_DEBUG_IMAGE_INFO_NORMAL */ struct dbg_info { -- cgit v1.2.3