diff options
author | Jan Janssen <medhefgo@web.de> | 2022-01-13 12:32:07 +0100 |
---|---|---|
committer | Jan Janssen <medhefgo@web.de> | 2022-01-13 14:19:32 +0100 |
commit | 41b74a18b2879e37b1e084f7ab6bd276ce30c6c9 (patch) | |
tree | a4be9b0aa2fcbba90d6645c8a2aff6cd334058c7 /src/boot | |
parent | 2ebb69bc09e84c48072e8ec5faa8251dcd705282 (diff) | |
download | systemd-41b74a18b2879e37b1e084f7ab6bd276ce30c6c9.tar.gz |
boot: Fix invalid free
LocateDevicePath() advances the device path pointer, making it invalid
when freed.
Diffstat (limited to 'src/boot')
-rw-r--r-- | src/boot/efi/shim.c | 5 | ||||
-rw-r--r-- | src/boot/efi/xbootldr.c | 3 |
2 files changed, 5 insertions, 3 deletions
diff --git a/src/boot/efi/shim.c b/src/boot/efi/shim.c index 3ce6af42f9..fd9c489478 100644 --- a/src/boot/efi/shim.c +++ b/src/boot/efi/shim.c @@ -118,13 +118,14 @@ static EFIAPI EFI_STATUS security_policy_authentication (const EFI_SECURITY_PROT if (!dev_path) return EFI_OUT_OF_RESOURCES; - status = BS->LocateDevicePath(&FileSystemProtocol, &dev_path, &h); + EFI_DEVICE_PATH *dp = dev_path; + status = BS->LocateDevicePath(&FileSystemProtocol, &dp, &h); if (EFI_ERROR(status)) return status; /* No need to check return value, this already happened in efi_main() */ root = LibOpenRoot(h); - dev_path_str = DevicePathToStr(dev_path); + dev_path_str = DevicePathToStr(dp); if (!dev_path_str) return EFI_OUT_OF_RESOURCES; diff --git a/src/boot/efi/xbootldr.c b/src/boot/efi/xbootldr.c index 81aa7f61ee..4972877d20 100644 --- a/src/boot/efi/xbootldr.c +++ b/src/boot/efi/xbootldr.c @@ -286,7 +286,8 @@ EFI_STATUS xbootldr_open(EFI_HANDLE *device, EFI_HANDLE *ret_device, EFI_FILE ** hd->SignatureType = SIGNATURE_TYPE_GUID; } - err = BS->LocateDevicePath(&BlockIoProtocol, &partition_path, &new_device); + EFI_DEVICE_PATH *dp = partition_path; + err = BS->LocateDevicePath(&BlockIoProtocol, &dp, &new_device); if (EFI_ERROR(err)) return err; |