partitions: efi: fix NULL dereference on corrupted GPT

When processing a corrupted GPT, the initial magic check may succeed,
but later partition parsing may terminate unsuccessfully. In such case,
we returned an invalid pointer that happened to be NULL, but didn't do
much about it leading to a NULL pointer dereference.

Fix this by explicitly returning NULL and correctly propagating it.

Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.barebox.org/20240415053120.368168-1-a.fatoum@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>

2 files changed, 5 insertions, 3 deletions

diff --git a/common/partitions.c b/common/partitions.c
index 5b861c40fc..17c2f1eb28 100644
--- a/common/partitions.c
+++ b/common/partitions.c
@@ -146,6 +146,9 @@ struct partition_desc *partition_table_read(struct block_device *blk)
 		goto err;
 
 	pdesc = parser->parse(buf, blk);
+	if (!pdesc)
+		goto err;
+
 	pdesc->parser = parser;
 err:
 	free(buf);
diff --git a/common/partitions/efi.c b/common/partitions/efi.c
index 9df40e3c15..829360da6e 100644
--- a/common/partitions/efi.c
+++ b/common/partitions/efi.c
@@ -482,10 +482,10 @@ static struct partition_desc *efi_partition(void *buf, struct block_device *blk)
 	int nb_part;
 	struct efi_partition *epart;
 	struct partition *pentry;
-	struct efi_partition_desc *epd = NULL;
+	struct efi_partition_desc *epd;
 
 	if (!find_valid_gpt(buf, blk, &gpt, &ptes) || !gpt || !ptes)
-		goto out;
+		return NULL;
 
 	snprintf(blk->cdev.diskuuid, sizeof(blk->cdev.diskuuid), "%pUl", &gpt->disk_guid);
 	dev_add_param_string_fixed(blk->dev, "guid", blk->cdev.diskuuid);
@@ -525,7 +525,6 @@ static struct partition_desc *efi_partition(void *buf, struct block_device *blk)
 		pentry->num = i;
 		list_add_tail(&pentry->list, &epd->pd.partitions);
 	}
-out:
 
 	return &epd->pd;
 }