From 7744e8ac4b5ad066fee21761f1696707127e0408 Mon Sep 17 00:00:00 2001
From: Nick Child <nnac123@gmail.com>
Date: Wed, 11 Aug 2021 11:02:31 -0400
Subject: secvar: Free md context on hash error

There were a few instances in `get_hash_to_verify` where NULL is
returned before unallocating the md context. This commit ensures that
this memory is properly freed before returning.

Signed-off-by: Nick Child <nick.child@ibm.com>
Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
---
 libstb/secvar/backend/edk2-compat-process.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libstb/secvar/backend/edk2-compat-process.c b/libstb/secvar/backend/edk2-compat-process.c
index bd7a0ab..770c370 100644
--- a/libstb/secvar/backend/edk2-compat-process.c
+++ b/libstb/secvar/backend/edk2-compat-process.c
@@ -643,7 +643,7 @@ static char *get_hash_to_verify(const char *key, const char *new_data,
 	    || key_equals(key, "dbx"))
 		guid = EFI_IMAGE_SECURITY_DATABASE_GUID;
 	else
-		return NULL;
+		goto out;
 
 	/* Expand char name to wide character width */
 	varlen = strlen(key) * 2;
@@ -672,7 +672,7 @@ static char *get_hash_to_verify(const char *key, const char *new_data,
 
 	hash = zalloc(32);
 	if (!hash)
-		return NULL;
+		goto out;
 	rc = mbedtls_md_finish(&ctx, hash);
 	if (rc) {
 		free(hash);
-- 
cgit v1.1