Skip to content

Commit 92630f2

Browse files
vathpelavathpela
committed
mirror_one_mok_variable(): fix a memory leak on TPM log error.
If measuring a mok variable to the TPM returns failure, this function returns, but never frees the data intended to be measured. This frees it. Resolves: Coverity CID 457503 Signed-off-by: Peter Jones <[email protected]>
1 parent b427a34 commit 92630f2

File tree

1 file changed

+12
-5
lines changed

1 file changed

+12
-5
lines changed

mok.c

+12-5
Original file line numberDiff line numberDiff line change
@@ -769,6 +769,7 @@ mirror_one_mok_variable(struct mok_state_variable *v,
769769
EFI_STATUS efi_status = EFI_SUCCESS;
770770
uint8_t *FullData = NULL;
771771
size_t FullDataSize = 0;
772+
bool allocated_full_data = false;
772773
vendor_addend_category_t addend_category = VENDOR_ADDEND_NONE;
773774
uint8_t *p = NULL;
774775
uint32_t attrs = EFI_VARIABLE_BOOTSERVICE_ACCESS |
@@ -833,6 +834,7 @@ mirror_one_mok_variable(struct mok_state_variable *v,
833834
if (efi_status != EFI_BUFFER_TOO_SMALL) {
834835
perror(L"Could not add built-in cert to %s: %r\n",
835836
v->name, efi_status);
837+
goto err;
836838
return efi_status;
837839
}
838840
FullDataSize += addend_esl_sz;
@@ -917,6 +919,7 @@ mirror_one_mok_variable(struct mok_state_variable *v,
917919
FullDataSize, v->name);
918920
return EFI_OUT_OF_RESOURCES;
919921
}
922+
allocated_full_data = true;
920923
p = FullData;
921924
}
922925
}
@@ -946,7 +949,7 @@ mirror_one_mok_variable(struct mok_state_variable *v,
946949
if (EFI_ERROR(efi_status)) {
947950
perror(L"Could not add built-in cert to %s: %r\n",
948951
v->name, efi_status);
949-
return efi_status;
952+
goto err;
950953
}
951954
p += addend_esl_sz;
952955
dprint(L"FullDataSize:%lu FullData:0x%llx p:0x%llx pos:%lld\n",
@@ -973,7 +976,7 @@ mirror_one_mok_variable(struct mok_state_variable *v,
973976
if (EFI_ERROR(efi_status)) {
974977
perror(L"Could not add built-in cert to %s: %r\n",
975978
v->name, efi_status);
976-
return efi_status;
979+
goto err;
977980
}
978981
p += build_cert_esl_sz;
979982
dprint(L"FullDataSize:%lu FullData:0x%llx p:0x%llx pos:%lld\n",
@@ -1012,7 +1015,7 @@ mirror_one_mok_variable(struct mok_state_variable *v,
10121015
if (EFI_ERROR(efi_status)) {
10131016
perror(L"Failed to allocate %lu bytes for %s\n",
10141017
FullDataSize, v->name);
1015-
return efi_status;
1018+
goto err;
10161019
}
10171020
p = FullData + FullDataSize;
10181021
dprint(L"FullDataSize:%lu FullData:0x%llx p:0x%llx pos:%lld\n",
@@ -1045,7 +1048,7 @@ mirror_one_mok_variable(struct mok_state_variable *v,
10451048
if (EFI_ERROR(efi_status)) {
10461049
dprint(L"tpm_measure_variable(\"%s\",%lu,0x%llx)->%r\n",
10471050
v->name, FullDataSize, FullData, efi_status);
1048-
return efi_status;
1051+
goto err;
10491052
}
10501053
}
10511054

@@ -1062,7 +1065,7 @@ mirror_one_mok_variable(struct mok_state_variable *v,
10621065
dprint(L"tpm_log_event(0x%llx, %lu, %lu, \"%s\")->%r\n",
10631066
FullData, FullDataSize, v->pcr, v->name,
10641067
efi_status);
1065-
return efi_status;
1068+
goto err;
10661069
}
10671070
}
10681071

@@ -1076,6 +1079,10 @@ mirror_one_mok_variable(struct mok_state_variable *v,
10761079
v->data_size = FullDataSize;
10771080
dprint(L"returning %r\n", efi_status);
10781081
return efi_status;
1082+
err:
1083+
if (FullData && allocated_full_data)
1084+
FreePool(FullData);
1085+
return efi_status;
10791086
}
10801087

10811088
/*

0 commit comments

Comments
 (0)