In function efi_http_service_binding_destroy_child() phandler is created as
a local variable. If efi_search_protocol() fails, phandler will hold a
random value from the stack. Even if it is not zero, we must not use it.

If efi_search_protocol() succeeds, the pointer has already been dereferenced,
so checking against NULL makes no sense here.

If ChildHandle is not a valid UEFI handle, we must return
EFI_INVALID_PARAMETER.

Use a single location for EFI_EXIT().
Addresses-Coverity-ID: CID 531974 (Unchecked return value)
Fixes: 5753dc3f6572 ("efi_loader: Prevent dereference of uninitialised variable")
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
if (!child_handle)
return EFI_EXIT(EFI_INVALID_PARAMETER);
- efi_search_protocol(child_handle, &efi_http_guid, &phandler);
-
- if (!phandler)
- return EFI_EXIT(EFI_UNSUPPORTED);
+ ret = efi_search_protocol(child_handle, &efi_http_guid, &phandler);
+ if (ret != EFI_SUCCESS) {
+ if (ret != EFI_INVALID_PARAMETER)
+ ret = EFI_UNSUPPORTED;
+ goto out;
+ }
ret = efi_delete_handle(child_handle);
if (ret != EFI_SUCCESS)
- return EFI_EXIT(ret);
+ goto out;
http_instance = phandler->protocol_interface;
efi_free_pool(http_instance->http_load_addr);
free(phandler->protocol_interface);
num_instances--;
-
- return EFI_EXIT(EFI_SUCCESS);
+out:
+ return EFI_EXIT(ret);
}
/**
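Review bot: the read at "http_instance = phandler->protocol_interface;" still happens after efi_delete_handle(child_handle) has succeeded, and phandler was looked up on that same handle. If efi_delete_handle() releases the handle's protocol entries, this read and the following "free(phandler->protocol_interface);" touch memory that has already been freed. Suggest copying phandler->protocol_interface into http_instance directly after the efi_search_protocol() check, before the handle is deleted, and then calling free(http_instance). The success path now falls through into "out:" and depends on ret still being EFI_SUCCESS from efi_delete_handle(); a short comment at the label would make that explicit.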