fix verify_mok()

() Fix the return value semantics. If the MokList doesn't
exist, we are OK. If the MokList was compromised but we
were able to erase it, that is OK too. Only if the list
can't be nuked do we return an error.

() Fix use of potentially uninitialized attribute variable

() Actually use the return value when called from verify_buffer.

Change-Id: If16df21d79c52a1726928df96d133390cde4cb7e
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>

1 files changed, 5 insertions, 4 deletions

diff --git a/shim.c b/shim.c
index 23dd0eeb..dcb36d0d 100644
--- a/shim.c
+++ b/shim.c
@@ -670,13 +670,12 @@ static EFI_STATUS verify_mok (void) {
 	status = get_variable_attr(L"MokList", &MokListData, &MokListDataSize,
 				   shim_lock_guid, &attributes);
 
-	if (attributes & EFI_VARIABLE_RUNTIME_ACCESS) {
+	if (!EFI_ERROR(status) && attributes & EFI_VARIABLE_RUNTIME_ACCESS) {
 		Print(L"MokList is compromised!\nErase all keys in MokList!\n");
 		if (LibDeleteVariable(L"MokList", &shim_lock_guid) != EFI_SUCCESS) {
 			Print(L"Failed to erase MokList\n");
+                        return EFI_ACCESS_DENIED;
 		}
-		status = EFI_ACCESS_DENIED;
-		return status;
 	}
 
 	if (MokListData)
@@ -722,7 +721,9 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
 	/*
 	 * Check that the MOK database hasn't been modified
 	 */
-	verify_mok();
+	status = verify_mok();
+	if (status != EFI_SUCCESS)
+		return status;
 
 	/*
 	 * Ensure that the binary isn't blacklisted