In efi_sigstore_parse_siglist() sigdata is allocated. But instead of an allocation matching the size of sigdata, tainted external data was used to calculate the allocation size. This may lead to buffer overflows.
Correct the allocation. When malloc() fails for sig_data->data, sig_data is leaked. Free sig_data before jumping to the error path. Heinrich Schuchardt (2): efi_loader: fix buffer overrun in efi_sigstore_parse_siglist efi_loader: fix memory lead in efi_sigstore_parse_siglist lib/efi_loader/efi_signature.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) -- 2.53.0

