diff options
| author | Peter Jones <pjones@redhat.com> | 2015-06-11 13:20:09 -0400 |
|---|---|---|
| committer | Peter Jones <pjones@redhat.com> | 2015-06-11 13:20:09 -0400 |
| commit | b9f98904ba133f437ced3660b3b9f033f02244ec (patch) | |
| tree | fda359f31ebcb1cfb4d0a07edfee966a8164dcbd /shim.c | |
| parent | 8837b9054f544fd9701cf0bd4b1bd4e596f4c2e7 (diff) | |
| download | efi-boot-shim-b9f98904ba133f437ced3660b3b9f033f02244ec.tar.gz efi-boot-shim-b9f98904ba133f437ced3660b3b9f033f02244ec.zip | |
Don't leave in_protocol==1 when shim_verify() isn't enforcing.
Right now if shim_verify() sees secure_mode()==0, it exits with
EFI_SUCCESS, but accidentally leaves in_protocol=1. This means any
other call will have supressed error/warning messages.
That's wrong, so don't do it.
Signed-off-by: Peter Jones <pjones@redhat.com>
Diffstat (limited to 'shim.c')
| -rw-r--r-- | shim.c | 5 |
1 files changed, 2 insertions, 3 deletions
@@ -1521,17 +1521,16 @@ error: */ EFI_STATUS shim_verify (void *buffer, UINT32 size) { - EFI_STATUS status; + EFI_STATUS status = EFI_SUCCESS; PE_COFF_LOADER_IMAGE_CONTEXT context; loader_is_participating = 1; in_protocol = 1; if (!secure_mode()) - return EFI_SUCCESS; + goto done; status = read_header(buffer, size, &context); - if (status != EFI_SUCCESS) goto done; |