If we fail to install our protocol, don't continue.

This shouldn't be exploitable unless you've got a way to make InstallProtocol fail and still, for example, have memory free to actually load and run something. Signed-off-by: Peter Jones <pjones@redhat.com>
author: Peter Jones <pjones@redhat.com> 2013-10-01 16:32:54 -0400
committer: Peter Jones <pjones@redhat.com> 2013-10-01 16:33:58 -0400
commit: 51583bd5006b362a63b6e49ad91aed2d1917f2ed (patch)
tree: eb66f2041cb9dd735e5326cb0f701e3dd13d8e43 /shim.c
parent: 6e5d86e5659d80b773932cf623c1a6972c06f11c (diff)
download: efi-boot-shim-51583bd5006b362a63b6e49ad91aed2d1917f2ed.tar.gz
efi-boot-shim-51583bd5006b362a63b6e49ad91aed2d1917f2ed.zip
1 files changed, 7 insertions, 2 deletions
diff --git a/shim.c b/shim.c
index b7256291..2a3d0559 100644
--- a/shim.c
+++ b/shim.c
@@ -1625,9 +1625,14 @@ EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab)
 	/*
 	 * Install the protocol
 	 */
-	uefi_call_wrapper(BS->InstallProtocolInterface, 4, &handle,
-			  &shim_lock_guid, EFI_NATIVE_INTERFACE,
+	efi_status = uefi_call_wrapper(BS->InstallProtocolInterface, 4,
+			  &handle, &shim_lock_guid, EFI_NATIVE_INTERFACE,
 			  &shim_lock_interface);
+	if (EFI_ERROR(efi_status)) {
+		console_error("Could not install security protocol",
+			      efi_status);
+		return efi_status;
+	}
 
 #if defined(OVERRIDE_SECURITY_POLICY)
 	/*
author	Peter Jones <pjones@redhat.com>	2013-10-01 16:32:54 -0400
committer	Peter Jones <pjones@redhat.com>	2013-10-01 16:33:58 -0400
commit	51583bd5006b362a63b6e49ad91aed2d1917f2ed (patch)
tree	eb66f2041cb9dd735e5326cb0f701e3dd13d8e43 /shim.c
parent	6e5d86e5659d80b773932cf623c1a6972c06f11c (diff)
download	efi-boot-shim-51583bd5006b362a63b6e49ad91aed2d1917f2ed.tar.gz efi-boot-shim-51583bd5006b362a63b6e49ad91aed2d1917f2ed.zip