boot: Fix invalid free

LocateDevicePath() advances the device path pointer, making it invalid
when freed.

diff --git a/src/boot/efi/shim.c b/src/boot/efi/shim.c
index 3ce6af42f94e0fb16bdccce4fbfad50a0386b0a0..fd9c489478d2ba4bcbb531b5a30a2b35ee448b3d 100644 (file)
--- a/src/boot/efi/shim.c
+++ b/src/boot/efi/shim.c
@@ -118,13 +118,14 @@ static EFIAPI EFI_STATUS security_policy_authentication (const EFI_SECURITY_PROT
         if (!dev_path)
                 return EFI_OUT_OF_RESOURCES;
 
-        status = BS->LocateDevicePath(&FileSystemProtocol, &dev_path, &h);
+        EFI_DEVICE_PATH *dp = dev_path;
+        status = BS->LocateDevicePath(&FileSystemProtocol, &dp, &h);
         if (EFI_ERROR(status))
                 return status;
 
         /* No need to check return value, this already happened in efi_main() */
         root = LibOpenRoot(h);
-        dev_path_str = DevicePathToStr(dev_path);
+        dev_path_str = DevicePathToStr(dp);
         if (!dev_path_str)
                 return EFI_OUT_OF_RESOURCES;
 

diff --git a/src/boot/efi/xbootldr.c b/src/boot/efi/xbootldr.c
index 81aa7f61eef3f6e18171db00edf7304312b30d43..4972877d209728a989fdf7f32696c1fcf0427f72 100644 (file)
--- a/src/boot/efi/xbootldr.c
+++ b/src/boot/efi/xbootldr.c
@@ -286,7 +286,8 @@ EFI_STATUS xbootldr_open(EFI_HANDLE *device, EFI_HANDLE *ret_device, EFI_FILE **
                 hd->SignatureType = SIGNATURE_TYPE_GUID;
         }
 
-        err = BS->LocateDevicePath(&BlockIoProtocol, &partition_path, &new_device);
+        EFI_DEVICE_PATH *dp = partition_path;
+        err = BS->LocateDevicePath(&BlockIoProtocol, &dp, &new_device);
         if (EFI_ERROR(err))
                 return err;