Don't free GetVariable() return data without checking the status code.

This breaks every machine from before Secure Boot was a thing. Signed-off-by: Peter Jones <pjones@redhat.com>
author: Peter Jones <pjones@redhat.com> 2013-10-30 16:36:01 -0400
committer: Peter Jones <pjones@redhat.com> 2013-10-30 16:36:01 -0400
commit: 6b1f8796ffe5d10a4993b4460178bc8cb3b4e70a (patch)
tree: fa1a7599161f261285bb9a9add11182d4e567109
parent: 321797142eb9491aaada80a9b514e6a4005d3eec (diff)
download: efi-boot-shim-6b1f8796ffe5d10a4993b4460178bc8cb3b4e70a.tar.gz
efi-boot-shim-6b1f8796ffe5d10a4993b4460178bc8cb3b4e70a.zip
1 files changed, 12 insertions, 3 deletions
diff --git a/shim.c b/shim.c
index 9d0d8840..00813425 100644
--- a/shim.c
+++ b/shim.c
@@ -456,21 +456,30 @@ static BOOLEAN secure_mode (void)
 		return FALSE;
 
 	status = get_variable(L"SecureBoot", &Data, &len, global_var);
+	if (status != EFI_SUCCESS) {
+		if (verbose)
+			console_notify(L"Secure boot not enabled\n");
+		return FALSE;
+	}
 	sb = *Data;
 	FreePool(Data);
 
-	/* FIXME - more paranoia here? */
-	if (status != EFI_SUCCESS || sb != 1) {
+	if (sb != 1) {
 		if (verbose)
 			console_notify(L"Secure boot not enabled\n");
 		return FALSE;
 	}
 
 	status = get_variable(L"SetupMode", &Data, &len, global_var);
+	if (status == EFI_SUCCESS) {
+		if (verbose)
+			console_notify(L"Platform is in setup mode\n");
+		return FALSE;
+	}
 	setupmode = *Data;
 	FreePool(Data);
 
-	if (status == EFI_SUCCESS && setupmode == 1) {
+	if (setupmode == 1) {
 		if (verbose)
 			console_notify(L"Platform is in setup mode\n");
 		return FALSE;
author	Peter Jones <pjones@redhat.com>	2013-10-30 16:36:01 -0400
committer	Peter Jones <pjones@redhat.com>	2013-10-30 16:36:01 -0400
commit	6b1f8796ffe5d10a4993b4460178bc8cb3b4e70a (patch)
tree	fa1a7599161f261285bb9a9add11182d4e567109
parent	321797142eb9491aaada80a9b514e6a4005d3eec (diff)
download	efi-boot-shim-6b1f8796ffe5d10a4993b4460178bc8cb3b4e70a.tar.gz efi-boot-shim-6b1f8796ffe5d10a4993b4460178bc8cb3b4e70a.zip