rhboot · vathpela · Mar 14, 2025 · Mar 12, 2025 · Mar 12, 2025 · Mar 12, 2025
diff --git a/generate_sbat_var_defs.c b/generate_sbat_var_defs.c
@@ -27,8 +27,9 @@ readfile(char *SbatLevel_Variable)
 	FILE *varfilep;
 	char line[1024];
 	int date;
+	int ret = -1;
 
-	int revocationsp = 0;
+	unsigned int revocationsp = 0;
 
 	sbat_revocation *revlistlast = NULL;
 	sbat_revocation *revlistentry = NULL;
@@ -41,10 +42,9 @@ readfile(char *SbatLevel_Variable)
 
 	while (fgets(line, sizeof(line), varfilep) != NULL) {
 		if (sscanf(line, "sbat,1,%d\n", &date) && strlen(line) == 18) {
-			revlistentry =
-				(sbat_revocation *)malloc(sizeof(sbat_revocation));
+			revlistentry = calloc(1, sizeof(sbat_revocation));
 			if (revlistentry == NULL)
-				return -1;
+				goto err;
 			if (revlisthead == NULL)
 				revlisthead = revlistentry;
 			else
@@ -55,25 +55,42 @@ readfile(char *SbatLevel_Variable)
 			revlistentry->date = date;
 			while (line[0] != '\n' &&
 			       fgets(line, sizeof(line), varfilep) != NULL) {
-					revlistentry->revocations =
-						(char *)realloc(revlistentry->revocations,
-								 revocationsp +
-								 strlen(line) + 1);
-					if (revlistentry->revocations == NULL)
-						return -1;
-					if (strlen(line) > 1) {
-						line[strlen(line) -1] = 0;
-						sprintf(revlistentry->revocations
-							+ revocationsp, "%s\\n", line);
-					revocationsp = revocationsp + strlen(line) + 2;
-					}
+				char *new = NULL;
+				new = realloc(revlistentry->revocations,
+				              revocationsp + strlen(line) + 1);
+				if (new == NULL) {
+					ret = -1;
+					goto err;
+				}
+				revlistentry->revocations = new;
+				if (strlen(line) > 1) {
+					line[strlen(line) - 1] = 0;
+					sprintf(revlistentry->revocations +
+					                revocationsp,
+					        "%s\\n", line);
+					revocationsp =
+						revocationsp + strlen(line) + 2;
+				}
 			}
 			revocationsp = 0;
-
 		}
 	}
 
-	return 1;
+	ret = 1;
+err:
+	if (ret < 0 && revlisthead) {
+		sbat_revocation *rle = revlisthead;
+		while (rle) {
+			sbat_revocation *next = rle->next;
+			if (rle->revocations)
+				free(rle->revocations);
+			free(rle);
+			rle = next;
+		}
+		revlisthead = NULL;
+	}
+	fclose(varfilep);
+	return ret;
 }
 
 int

diff --git a/include/fanalyzer.mk b/include/fanalyzer.mk
@@ -21,7 +21,7 @@ fanalyzer-build-all : COMPILER=gcc
 fanalyzer-build-all : CCACHE_DISABLE=1
 fanalyzer-build-all : FEATUREFLAGS+=-fanalyzer
 fanalyzer-build-all : WERRFLAGS=-Werror=analyzer-null-dereference
-fanalyzer-build-all : IGNORE_COMPILER_ERRORS=" || :"
+fanalyzer-build-all : IGNORE_COMPILER_ERRORS= || :
 fanalyzer-build-all : all
 
 fanalyzer-no-openssl : | fanalyzer-test

diff --git a/lib/simple_file.c b/lib/simple_file.c
@@ -288,7 +288,7 @@ simple_dir_filter(EFI_HANDLE image, CHAR16 *name, CHAR16 *filter,
 		goto out;
 	ptr = next = *entries;
 
-	for (i = 0; i < tot; i++) {
+	for (i = 0; next && i < tot; i++) {
 		int len = StrLen(next->FileName);
 
 		for (c = 0; c < filtercount; c++) {
@@ -311,7 +311,7 @@ simple_dir_filter(EFI_HANDLE image, CHAR16 *name, CHAR16 *filter,
 	*count = 0;
 	ptr = next = *entries;
 
-	for (i = 0; i < tot; i++) {
+	for (i = 0; next && i < tot; i++) {
 		int len = StrLen(next->FileName);
 
 		if (StrCmp(next->FileName, L".") == 0)

diff --git a/lib/variables.c b/lib/variables.c
@@ -226,6 +226,8 @@ SetSecureVariable(const CHAR16 * const var, UINT8 *Data, UINTN len,
 	}
 	efi_status = CreateTimeBasedPayload(&DataSize, (UINT8 **)&Cert);
 	if (EFI_ERROR(efi_status)) {
+		if (Cert && Cert != (EFI_SIGNATURE_LIST *)Data)
+			FreePool(Cert);
 		console_print(L"Failed to create time based payload %d\n",
 			      efi_status);
 		return efi_status;

diff --git a/loader-proto.c b/loader-proto.c
@@ -170,7 +170,7 @@ shim_load_image(BOOLEAN BootPolicy, EFI_HANDLE ParentImageHandle,
 {
 	SHIM_LOADED_IMAGE *image;
 	EFI_STATUS efi_status;
-	buffer_properties_t bprop;
+	buffer_properties_t bprop = { NULL, NULL, NULL, 0 };
 
 	if (BootPolicy)
 		return EFI_UNSUPPORTED;

diff --git a/mok.c b/mok.c
@@ -578,7 +578,7 @@ mirror_one_esl(CHAR16 *name, EFI_GUID *guid, UINT32 attrs,
 }
 
 static EFI_STATUS
-mirror_mok_db(CHAR16 *name, CHAR8 *name8, EFI_GUID *guid, UINT32 attrs,
+mirror_mok_db(CHAR16 *name, EFI_GUID *guid, UINT32 attrs,
 	      UINT8 *FullData, SIZE_T FullDataSize, BOOLEAN only_first)
 {
 	EFI_STATUS efi_status = EFI_SUCCESS;
@@ -604,15 +604,13 @@ mirror_mok_db(CHAR16 *name, CHAR8 *name8, EFI_GUID *guid, UINT32 attrs,
 		return efi_status;
 	}
 
-	CHAR16 *namen;
-	CHAR8 *namen8;
+	CHAR16 *namen = NULL;
 	UINTN namelen, namesz;
 
 	namelen = StrLen(name);
 	namesz = namelen * 2;
 	if (only_first) {
 		namen = name;
-		namen8 = name8;
 	} else {
 		namelen += 18;
 		namesz += 34;
@@ -621,12 +619,6 @@ mirror_mok_db(CHAR16 *name, CHAR8 *name8, EFI_GUID *guid, UINT32 attrs,
 			LogError(L"Could not allocate %lu bytes", namesz);
 			return EFI_OUT_OF_RESOURCES;
 		}
-		namen8 = AllocateZeroPool(namelen);
-		if (!namen8) {
-			FreePool(namen);
-			LogError(L"Could not allocate %lu bytes", namelen);
-			return EFI_OUT_OF_RESOURCES;
-		}
 	}
 
 	UINTN pos, i;
@@ -668,11 +660,6 @@ mirror_mok_db(CHAR16 *name, CHAR8 *name8, EFI_GUID *guid, UINT32 attrs,
 		if (!only_first) {
 			SPrint(namen, namelen, L"%s%lu", name, i);
 			namen[namelen-1] = 0;
-			/* uggggh */
-			UINTN j;
-			for (j = 0; j < namelen; j++)
-				namen8[j] = (CHAR8)(namen[j] & 0xff);
-			namen8[namelen - 1] = 0;
 		}
 
 		/*
@@ -685,7 +672,6 @@ mirror_mok_db(CHAR16 *name, CHAR8 *name8, EFI_GUID *guid, UINT32 attrs,
 				 efi_status);
 			if (!only_first) {
 				FreePool(namen);
-				FreePool(namen8);
 			}
 			return efi_status;
 		}
@@ -740,6 +726,9 @@ mirror_mok_db(CHAR16 *name, CHAR8 *name8, EFI_GUID *guid, UINT32 attrs,
 			break;
 		i++;
 	}
+	if (namen && namen != name) {
+		FreePool(namen);
+	}
 
 	if (EFI_ERROR(efi_status)) {
 		perror(L"Failed to set %s: %r\n", name, efi_status);
@@ -783,6 +772,7 @@ mirror_one_mok_variable(struct mok_state_variable *v,
 	EFI_STATUS efi_status = EFI_SUCCESS;
 	uint8_t *FullData = NULL;
 	size_t FullDataSize = 0;
+	bool allocated_full_data = false;
 	vendor_addend_category_t addend_category = VENDOR_ADDEND_NONE;
 	uint8_t *p = NULL;
 	uint32_t attrs = EFI_VARIABLE_BOOTSERVICE_ACCESS |
@@ -847,6 +837,7 @@ mirror_one_mok_variable(struct mok_state_variable *v,
 			if (efi_status != EFI_BUFFER_TOO_SMALL) {
 				perror(L"Could not add built-in cert to %s: %r\n",
 				       v->name, efi_status);
+				goto err;
 				return efi_status;
 			}
 			FullDataSize += addend_esl_sz;
@@ -931,6 +922,7 @@ mirror_one_mok_variable(struct mok_state_variable *v,
 				       FullDataSize, v->name);
 				return EFI_OUT_OF_RESOURCES;
 			}
+			allocated_full_data = true;
 			p = FullData;
 		}
 	}
@@ -960,7 +952,7 @@ mirror_one_mok_variable(struct mok_state_variable *v,
 			if (EFI_ERROR(efi_status)) {
 				perror(L"Could not add built-in cert to %s: %r\n",
 				       v->name, efi_status);
-				return efi_status;
+				goto err;
 			}
 			p += addend_esl_sz;
 			dprint(L"FullDataSize:%lu FullData:0x%llx p:0x%llx pos:%lld\n",
@@ -987,7 +979,7 @@ mirror_one_mok_variable(struct mok_state_variable *v,
 			if (EFI_ERROR(efi_status)) {
 				perror(L"Could not add built-in cert to %s: %r\n",
 				       v->name, efi_status);
-				return efi_status;
+				goto err;
 			}
 			p += build_cert_esl_sz;
 			dprint(L"FullDataSize:%lu FullData:0x%llx p:0x%llx pos:%lld\n",
@@ -1026,7 +1018,7 @@ mirror_one_mok_variable(struct mok_state_variable *v,
 		if (EFI_ERROR(efi_status)) {
 			perror(L"Failed to allocate %lu bytes for %s\n",
 			       FullDataSize, v->name);
-			return efi_status;
+			goto err;
 		}
 		p = FullData + FullDataSize;
 		dprint(L"FullDataSize:%lu FullData:0x%llx p:0x%llx pos:%lld\n",
@@ -1039,7 +1031,7 @@ mirror_one_mok_variable(struct mok_state_variable *v,
 	    !(v->flags & MOK_VARIABLE_CONFIG_ONLY)) {
 		dprint(L"calling mirror_mok_db(\"%s\",  datasz=%lu)\n",
 		       v->rtname, FullDataSize);
-		efi_status = mirror_mok_db(v->rtname, (CHAR8 *)v->rtname8, v->guid,
+		efi_status = mirror_mok_db(v->rtname, v->guid,
 					   attrs, FullData, FullDataSize,
 					   only_first);
 		dprint(L"mirror_mok_db(\"%s\",  datasz=%lu) returned %r\n",
@@ -1059,7 +1051,7 @@ mirror_one_mok_variable(struct mok_state_variable *v,
 			if (EFI_ERROR(efi_status)) {
 				dprint(L"tpm_measure_variable(\"%s\",%lu,0x%llx)->%r\n",
 				       v->name, FullDataSize, FullData, efi_status);
-				return efi_status;
+				goto err;
 			}
 		}
 
@@ -1076,7 +1068,7 @@ mirror_one_mok_variable(struct mok_state_variable *v,
 				dprint(L"tpm_log_event(0x%llx, %lu, %lu, \"%s\")->%r\n",
 				       FullData, FullDataSize, v->pcr, v->name,
 				       efi_status);
-				return efi_status;
+				goto err;
 			}
 		}
 
@@ -1090,6 +1082,10 @@ mirror_one_mok_variable(struct mok_state_variable *v,
 	v->data_size = FullDataSize;
 	dprint(L"returning %r\n", efi_status);
 	return efi_status;
+err:
+	if (FullData && allocated_full_data)
+		FreePool(FullData);
+	return efi_status;
 }
 
 /*