efi_loader: variable: attributes may not be changed if a variable exists If a variable already exists, efi_set_variable() should not change the variable's attributes. This patch enforces it. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

commit: a2c6983740104c8e608c411eff6a58e2f4feaede [log] [tgz]
author: AKASHI Takahiro <takahiro.akashi@linaro.org> Fri May 24 15:59:03 2019 +0900
committer: Heinrich Schuchardt <xypron.glpk@gmx.de> Fri May 24 18:58:14 2019 +0200
tree: ff12577b9032434d29930c5060e2b1079d1904e3
parent: dbebae5ec77eee029fb36337643e052eecb50453 [diff]
diff --git a/lib/efi_loader/efi_variable.c b/lib/efi_loader/efi_variable.c
index 0d97377..50bc105 100644
--- a/lib/efi_loader/efi_variable.c
+++ b/lib/efi_loader/efi_variable.c

@@ -451,12 +451,21 @@
 	if (val) {
 		parse_attr(val, &attr);
 
+		/* We should not free val */
+		val = NULL;
 		if (attr & READ_ONLY) {
-			/* We should not free val */
-			val = NULL;
 			ret = EFI_WRITE_PROTECTED;
 			goto out;
 		}
+
+		/*
+		 * attributes won't be changed
+		 * TODO: take care of APPEND_WRITE once supported
+		 */
+		if (attr != attributes) {
+			ret = EFI_INVALID_PARAMETER;
+			goto out;
+		}
 	}
 
 	val = malloc(2 * data_size + strlen("{ro,run,boot}(blob)") + 1);
commit	a2c6983740104c8e608c411eff6a58e2f4feaede	[log] [tgz]
author	AKASHI Takahiro <takahiro.akashi@linaro.org>	Fri May 24 15:59:03 2019 +0900
committer	Heinrich Schuchardt <xypron.glpk@gmx.de>	Fri May 24 18:58:14 2019 +0200
tree	ff12577b9032434d29930c5060e2b1079d1904e3
parent	dbebae5ec77eee029fb36337643e052eecb50453 [diff]