loader.efi: find_currdev() can leak memory

The find_currdev() is using variable "copy" to store the reference to trimmed
devpath pointer, if for some reason the efi_devpath_handle() fails, we will
leak this copy.

Also we can simplify the code there a bit.

Reviewed by:	allanjude
Approved by:	allanjude (mentor)
Differential Revision:	https://reviews.freebsd.org/D9191
This commit is contained in:
tsoome 2017-01-15 20:03:13 +00:00
parent 6a720b949d
commit 2ced9943d7

View File

@ -219,20 +219,19 @@ find_currdev(EFI_LOADED_IMAGE *img, struct devsw **dev, int *unit,
if (h == NULL)
break;
if (efi_handle_lookup(h, dev, unit, extra) == 0) {
if (copy != NULL)
free(copy);
return (0);
}
free(copy);
copy = NULL;
if (efi_handle_lookup(h, dev, unit, extra) == 0)
return (0);
if (copy != NULL)
free(copy);
devpath = efi_lookup_devpath(h);
if (devpath != NULL) {
copy = efi_devpath_trim(devpath);
devpath = copy;
}
}
free(copy);
/* Try to fallback on first device */
if (devsw[0] != NULL) {