From 556c445ea19fc257fe35ac1a67477e7352ba3fcd Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 30 Oct 2013 16:36:01 -0400
Subject: [PATCH] Don't free GetVariable() return data without checking the
 status code.

This breaks every machine from before Secure Boot was a thing.

Signed-off-by: Peter Jones <pjones@redhat.com>
---
 shim.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/shim.c b/shim.c
index 9d0d884..0081342 100644
--- a/shim.c
+++ b/shim.c
@@ -456,21 +456,30 @@ static BOOLEAN secure_mode (void)
 		return FALSE;
 
 	status = get_variable(L"SecureBoot", &Data, &len, global_var);
+	if (status != EFI_SUCCESS) {
+		if (verbose)
+			console_notify(L"Secure boot not enabled\n");
+		return FALSE;
+	}
 	sb = *Data;
 	FreePool(Data);
 
-	/* FIXME - more paranoia here? */
-	if (status != EFI_SUCCESS || sb != 1) {
+	if (sb != 1) {
 		if (verbose)
 			console_notify(L"Secure boot not enabled\n");
 		return FALSE;
 	}
 
 	status = get_variable(L"SetupMode", &Data, &len, global_var);
+	if (status == EFI_SUCCESS) {
+		if (verbose)
+			console_notify(L"Platform is in setup mode\n");
+		return FALSE;
+	}
 	setupmode = *Data;
 	FreePool(Data);
 
-	if (status == EFI_SUCCESS && setupmode == 1) {
+	if (setupmode == 1) {
 		if (verbose)
 			console_notify(L"Platform is in setup mode\n");
 		return FALSE;
-- 
2.39.5