Hi Heinrich, On Tue, 30 Jun 2026 at 02:35, Heinrich Schuchardt <[email protected]> wrote: > > When malloc() fails for sig_data->data, sig_data is leaked. > > Free sig_data before jumping to the error path. > > Signed-off-by: Heinrich Schuchardt <[email protected]> > --- > v2: > fix typo in subject > --- > lib/efi_loader/efi_signature.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/lib/efi_loader/efi_signature.c b/lib/efi_loader/efi_signature.c > index 6aff5c14a89..1da656161bb 100644 > --- a/lib/efi_loader/efi_signature.c > +++ b/lib/efi_loader/efi_signature.c > @@ -717,6 +717,7 @@ efi_sigstore_parse_siglist(struct efi_signature_list *esl) > sig_data->data = malloc(sig_data->size); > if (!sig_data->data) { > EFI_PRINT("Out of memory\n"); > + free(sig_data);
I think the problem is bigger than just the last node here. efi_sigstore_free() walks sigstore->sig_data_list to free the allocated memory. However, that's only assigned after everything has succeded. I think we should move the siglist->sig_data_list = sig_data_next; within the loop and let efi_sigstore_free() deal with freeing memory on error. Thanks /Ilias > goto err; > } > memcpy(sig_data->data, esd->signature_data, sig_data->size); > -- > 2.53.0 >

