efi_loader: variable: attributes may not be changed if a variable exists

If a variable already exists, efi_set_variable() should not change
the variable's attributes. This patch enforces it.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

diff --git a/lib/efi_loader/efi_variable.c b/lib/efi_loader/efi_variable.c
index 0d973773fa1199a8d27d5c0b989ad2738e69c797..50bc10537f404002f6927d1cce0133a797ea9fd2 100644 (file)
--- a/lib/efi_loader/efi_variable.c
+++ b/lib/efi_loader/efi_variable.c
@@ -451,12 +451,21 @@ efi_status_t EFIAPI efi_set_variable(u16 *variable_name,
        if (val) {
                parse_attr(val, &attr);
 
+               /* We should not free val */
+               val = NULL;
                if (attr & READ_ONLY) {
-                       /* We should not free val */
-                       val = NULL;
                        ret = EFI_WRITE_PROTECTED;
                        goto out;
                }
+
+               /*
+                * attributes won't be changed
+                * TODO: take care of APPEND_WRITE once supported
+                */
+               if (attr != attributes) {
+                       ret = EFI_INVALID_PARAMETER;
+                       goto out;
+               }
        }
 
        val = malloc(2 * data_size + strlen("{ro,run,boot}(blob)") + 1);