efi_loader: Prevent dereference of uninitialised variable

author Andrew Goodbody <andrew.goodbody@linaro.org>

Wed, 2 Jul 2025 10:01:37 +0000 (11:01 +0100)

committer Ilias Apalodimas <ilias.apalodimas@linaro.org>

Thu, 3 Jul 2025 08:32:49 +0000 (11:32 +0300)
author Andrew Goodbody <andrew.goodbody@linaro.org>
Wed, 2 Jul 2025 10:01:37 +0000 (11:01 +0100)
committer Ilias Apalodimas <ilias.apalodimas@linaro.org>
Thu, 3 Jul 2025 08:32:49 +0000 (11:32 +0300)
diff --git a/lib/efi_loader/efi_http.c b/lib/efi_loader/efi_http.c

index 189317fe2d22bb8910d8ea578dde2097b4e04241..9a0f26751326ba445b15e1e6cf9caef240554ab1 100644 (file)
--- a/lib/efi_loader/efi_http.c
+++ b/lib/efi_loader/efi_http.c
@@ -453,7 +453,6 @@ static efi_status_t EFIAPI efi_http_service_binding_destroy_child(
         efi_status_t ret = EFI_SUCCESS;
         struct efi_http_instance *http_instance;
         struct efi_handler *phandler;
-       void *protocol_interface;
  
         if (num_instances == 0)
                 return EFI_EXIT(EFI_NOT_FOUND);
@@ -463,18 +462,18 @@ static efi_status_t EFIAPI efi_http_service_binding_destroy_child(
  
         efi_search_protocol(child_handle, &efi_http_guid, &phandler);
  
-       if (phandler)
-               protocol_interface = phandler->protocol_interface;
+       if (!phandler)
+               return EFI_EXIT(EFI_UNSUPPORTED);
  
         ret = efi_delete_handle(child_handle);
         if (ret != EFI_SUCCESS)
                 return EFI_EXIT(ret);
  
-       http_instance = (struct efi_http_instance *)protocol_interface;
+       http_instance = phandler->protocol_interface;
         efi_free_pool(http_instance->http_load_addr);
         http_instance->http_load_addr = NULL;
  
-       free(protocol_interface);
+       free(phandler->protocol_interface);
  
         num_instances--;
author	Andrew Goodbody <andrew.goodbody@linaro.org>
	Wed, 2 Jul 2025 10:01:37 +0000 (11:01 +0100)
committer	Ilias Apalodimas <ilias.apalodimas@linaro.org>
	Thu, 3 Jul 2025 08:32:49 +0000 (11:32 +0300)