shim: check_db_cert_in_ram(): clear openssl errors /before/ returning.
authorPeter Jones <pjones@redhat.com>
Wed, 27 Sep 2017 20:26:38 +0000 (16:26 -0400)
committerPeter Jones <pmjones@gmail.com>
Mon, 12 Mar 2018 20:21:43 +0000 (16:21 -0400)
Covscan says:
455                                        if (IsFound) {
456                                                tpm_measure_variable(dbname, guid, CertSize, Cert->SignatureData);
457                                                return DATA_FOUND;
   CID 182850 (#1 of 1): Structurally dead code (UNREACHABLE)unreachable: This code cannot be reached: drain_openssl_errors();.
458                                                drain_openssl_errors();
459                                        } else {
460                                                LogError(L"AuthenticodeVerify(): %d\n", IsFound);
461                                        }

And, well... woops.

Signed-off-by: Peter Jones <pjones@redhat.com>
shim.c

diff --git a/shim.c b/shim.c
index a9a569fda4a5ccf395cc674eb260d7e4e0d1c1f8..71fa8b8be1c476532932f445daf1cd014e744feb 100644 (file)
--- a/shim.c
+++ b/shim.c
@@ -450,8 +450,8 @@ static CHECK_STATUS check_db_cert_in_ram(EFI_SIGNATURE_LIST *CertList,
                                                                      hash, SHA256_DIGEST_SIZE);
                                        if (IsFound) {
                                                tpm_measure_variable(dbname, guid, CertSize, Cert->SignatureData);
-                                               return DATA_FOUND;
                                                drain_openssl_errors();
+                                               return DATA_FOUND;
                                        } else {
                                                LogError(L"AuthenticodeVerify(): %d\n", IsFound);
                                        }
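Review bot: The result of `tpm_measure_variable(dbname, guid, CertSize, Cert->SignatureData);` is discarded on the success path, so `DATA_FOUND` is returned whether or not the matching certificate was actually measured. Its prototype is not in the hunk, so this assumes it returns an EFI_STATUS; if it does, capture it and at least log a failure, e.g. `EFI_STATUS status = tpm_measure_variable(dbname, guid, CertSize, Cert->SignatureData);` followed by `if (EFI_ERROR(status)) LogError(L"tpm_measure_variable(): %r\n", status);`. Whether a failed measurement should also stop the certificate from being accepted is a policy call for the maintainers. Separately, the `else` branch logs `IsFound` with `%d`, which is always 0 there and adds nothing to the message. check_db_cert_in_ram() begins and ends outside this hunk.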