efi_loader: pkcs7_parse_message() returns error pointer

Since pkcs7_parse_message() returns an error pointer, we must not
check for NULL.  We have to explicitly set msg to NULL in the error
case, otherwise the call to pkcs7_free_message() on the goto err
path will assume it's a valid object.

Signed-off-by: Patrick Wildt <patrick@blueri.se>
Add missing include linux/err.h
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

diff --git a/lib/efi_loader/efi_image_loader.c b/lib/efi_loader/efi_image_loader.c
index 5a9a6424cc143962111d38a3eb4de2c98c2fc099..ac4f65c9d8259452eddf993d7b70952356e4791c 100644 (file)
--- a/lib/efi_loader/efi_image_loader.c
+++ b/lib/efi_loader/efi_image_loader.c
@@ -14,6 +14,7 @@
 #include <pe.h>
 #include <sort.h>
 #include "crypto/pkcs7_parser.h"
+#include <linux/err.h>
 
 const efi_guid_t efi_global_variable_guid = EFI_GLOBAL_VARIABLE_GUID;
 const efi_guid_t efi_guid_device_path = EFI_DEVICE_PATH_PROTOCOL_GUID;
@@ -538,8 +539,9 @@ static bool efi_image_authenticate(void *efi, size_t efi_size)
                }
                msg = pkcs7_parse_message((void *)wincert + sizeof(*wincert),
                                          wincert->dwLength - sizeof(*wincert));
-               if (!msg) {
+               if (IS_ERR(msg)) {
                        debug("Parsing image's signature failed\n");
+                       msg = NULL;
                        goto err;
                }