boot: Fix invalid free

LocateDevicePath() advances the device path pointer, making it invalid
when freed.

2 files changed, 5 insertions, 3 deletions

diff --git a/src/boot/efi/shim.c b/src/boot/efi/shim.c
index 3ce6af42f9..fd9c489478 100644
--- a/src/boot/efi/shim.c
+++ b/src/boot/efi/shim.c
@@ -118,13 +118,14 @@ static EFIAPI EFI_STATUS security_policy_authentication (const EFI_SECURITY_PROT
         if (!dev_path)
                 return EFI_OUT_OF_RESOURCES;
 
-        status = BS->LocateDevicePath(&FileSystemProtocol, &dev_path, &h);
+        EFI_DEVICE_PATH *dp = dev_path;
+        status = BS->LocateDevicePath(&FileSystemProtocol, &dp, &h);
         if (EFI_ERROR(status))
                 return status;
 
         /* No need to check return value, this already happened in efi_main() */
         root = LibOpenRoot(h);
-        dev_path_str = DevicePathToStr(dev_path);
+        dev_path_str = DevicePathToStr(dp);
         if (!dev_path_str)
                 return EFI_OUT_OF_RESOURCES;
 
diff --git a/src/boot/efi/xbootldr.c b/src/boot/efi/xbootldr.c
index 81aa7f61ee..4972877d20 100644
--- a/src/boot/efi/xbootldr.c
+++ b/src/boot/efi/xbootldr.c
@@ -286,7 +286,8 @@ EFI_STATUS xbootldr_open(EFI_HANDLE *device, EFI_HANDLE *ret_device, EFI_FILE **
                 hd->SignatureType = SIGNATURE_TYPE_GUID;
         }
 
-        err = BS->LocateDevicePath(&BlockIoProtocol, &partition_path, &new_device);
+        EFI_DEVICE_PATH *dp = partition_path;
+        err = BS->LocateDevicePath(&BlockIoProtocol, &dp, &new_device);
         if (EFI_ERROR(err))
                 return err;