colin/u-boot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

bootstd: android: avoid possible null pointer dereference

Browse Source 
- avb_slot_verify_data_free() doesn't check its data parameter
- out_data can be null if avb_slot_verify() fails to allocate memory

Signed-off-by: Gary Bisson <bisson.gary@gmail.com>
Reviewed-by: Mattijs Korpershoek <mkorpershoek@kernel.org>
Link: https://lore.kernel.org/r/20250402144219.1875067-1-bisson.gary@gmail.com
Signed-off-by: Mattijs Korpershoek <mkorpershoek@kernel.org>
This commit is contained in:
Gary Bisson
2025-04-02 16:42:19 +02:00
committed by Mattijs Korpershoek
parent dc22cf37af
commit df50c821e7
1 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
boot/bootmeth_android.c
View File

@@ -455,7 +455,8 @@ static int run_avb_verification(struct bootflow *bflow)
if (result != AVB_SLOT_VERIFY_RESULT_OK) {
printf("Verification failed, reason: %s\n",
str_avb_slot_error(result));
avb_slot_verify_data_free(out_data);
if (out_data)
avb_slot_verify_data_free(out_data);
return log_msg_ret("avb verify", -EIO);
}
boot_state = AVB_GREEN;
@@ -465,7 +466,8 @@ static int run_avb_verification(struct bootflow *bflow)
result != AVB_SLOT_VERIFY_RESULT_ERROR_VERIFICATION) {
printf("Unlocked verification failed, reason: %s\n",
str_avb_slot_error(result));
avb_slot_verify_data_free(out_data);
if (out_data)
avb_slot_verify_data_free(out_data);
return log_msg_ret("avb verify unlocked", -EIO);
}
boot_state = AVB_ORANGE;