SetSecureVariable(): free Cert on failure

If variable_create_esl_with_one_signature() succeeds but CreateTimeBasedPayload() fails, we leak the allocation for our certificate. This patch frees it. Resolves: Coverity CID 457504 Signed-off-by: Peter Jones <pjones@redhat.com>
author: Peter Jones <pjones@redhat.com> 2025-03-12 13:43:46 -0400
committer: Peter Jones <pjones@redhat.com> 2025-03-14 11:05:05 -0400
commit: d45c610ba558c1b1673ff94590b71a156dd2fd3c (patch)
tree: f209f56f4a092d4b4eb81b52de7bedfb3921b18a /lib/variables.c
parent: 794d2374a99ae2ed39c8e54828ec2392c952c73c (diff)
download: efi-boot-shim-d45c610ba558c1b1673ff94590b71a156dd2fd3c.tar.gz
efi-boot-shim-d45c610ba558c1b1673ff94590b71a156dd2fd3c.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/lib/variables.c b/lib/variables.c
index 8e63aa8f..1a2c7d48 100644
--- a/lib/variables.c
+++ b/lib/variables.c
@@ -226,6 +226,8 @@ SetSecureVariable(const CHAR16 * const var, UINT8 *Data, UINTN len,
 	}
 	efi_status = CreateTimeBasedPayload(&DataSize, (UINT8 **)&Cert);
 	if (EFI_ERROR(efi_status)) {
+		if (Cert && Cert != (EFI_SIGNATURE_LIST *)Data)
+			FreePool(Cert);
 		console_print(L"Failed to create time based payload %d\n",
 			      efi_status);
 		return efi_status;
author	Peter Jones <pjones@redhat.com>	2025-03-12 13:43:46 -0400
committer	Peter Jones <pjones@redhat.com>	2025-03-14 11:05:05 -0400
commit	d45c610ba558c1b1673ff94590b71a156dd2fd3c (patch)
tree	f209f56f4a092d4b4eb81b52de7bedfb3921b18a /lib/variables.c
parent	794d2374a99ae2ed39c8e54828ec2392c952c73c (diff)
download	efi-boot-shim-d45c610ba558c1b1673ff94590b71a156dd2fd3c.tar.gz efi-boot-shim-d45c610ba558c1b1673ff94590b71a156dd2fd3c.zip