From 8d44f5a63746d28b1e6db6f57a8005ba84a8869c Mon Sep 17 00:00:00 2001
From: =?utf8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Mon, 27 Nov 2017 13:31:46 +0000
Subject: [PATCH] shim: fix logically dead code

The alternate verification path could never be taken.

Found by coverity.
---
 src/boot/efi/shim.c | 13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)

diff --git a/src/boot/efi/shim.c b/src/boot/efi/shim.c
index d66b39b..6d7d814 100644
--- a/src/boot/efi/shim.c
+++ b/src/boot/efi/shim.c
@@ -62,10 +62,7 @@ static BOOLEAN shim_validate(VOID *data, UINT32 size) {
         if (!shim_lock)
                 return FALSE;
 
-        if (shim_lock->shim_verify(data, size) == EFI_SUCCESS)
-                return TRUE;
-
-        return FALSE;
+        return shim_lock->shim_verify(data, size) == EFI_SUCCESS;
 }
 
 BOOLEAN secure_boot_enabled(void) {
@@ -188,12 +185,10 @@ static EFIAPI EFI_STATUS security_policy_authentication (const EFI_SECURITY_PROT
 
         if (shim_validate(file_buffer, file_size))
                 status = EFI_SUCCESS;
-
-        FreePool(file_buffer);
-
-        /* Try using the platform's native policy.... */
-        if (status != EFI_SUCCESS)
+        else
+                /* Try using the platform's native policy.... */
                 status = uefi_call_wrapper(esfas, 3, this, authentication_status, device_path_const);
+        FreePool(file_buffer);
 
         return status;
 }
-- 
2.7.4