diff options
author | David Howells <dhowells@redhat.com> | 2012-05-15 14:11:11 +0100 |
---|---|---|
committer | James Morris <james.l.morris@oracle.com> | 2012-05-16 00:54:33 +1000 |
commit | b404aef72fdafb601c945c714164c0ee2b04c364 (patch) | |
tree | 46efed0307e7c208a254614361bbe08ed160ef52 | |
parent | 2cc8a71641b4460783ea3bd7a3476043fdf85397 (diff) | |
download | linux-stable-b404aef72fdafb601c945c714164c0ee2b04c364.tar.gz linux-stable-b404aef72fdafb601c945c714164c0ee2b04c364.tar.bz2 linux-stable-b404aef72fdafb601c945c714164c0ee2b04c364.zip |
KEYS: Don't check for NULL key pointer in key_validate()
Don't bother checking for NULL key pointer in key_validate() as all of the
places that call it will crash anyway if the relevant key pointer is NULL by
the time they call key_validate(). Therefore, the checking must be done prior
to calling here.
Whilst we're at it, simplify the key_validate() function a bit and mark its
argument const.
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
-rw-r--r-- | include/linux/key.h | 2 | ||||
-rw-r--r-- | security/keys/permission.c | 40 |
2 files changed, 17 insertions, 25 deletions
diff --git a/include/linux/key.h b/include/linux/key.h index b145b054b3e0..5231800770e1 100644 --- a/include/linux/key.h +++ b/include/linux/key.h @@ -242,7 +242,7 @@ extern struct key *request_key_async_with_auxdata(struct key_type *type, extern int wait_for_key_construction(struct key *key, bool intr); -extern int key_validate(struct key *key); +extern int key_validate(const struct key *key); extern key_ref_t key_create_or_update(key_ref_t keyring, const char *type, diff --git a/security/keys/permission.c b/security/keys/permission.c index 5f4c00c0947d..57d96363d7f1 100644 --- a/security/keys/permission.c +++ b/security/keys/permission.c @@ -91,33 +91,25 @@ EXPORT_SYMBOL(key_task_permission); * key is invalidated, -EKEYREVOKED if the key's type has been removed or if * the key has been revoked or -EKEYEXPIRED if the key has expired. */ -int key_validate(struct key *key) +int key_validate(const struct key *key) { - struct timespec now; unsigned long flags = key->flags; - int ret = 0; - - if (key) { - ret = -ENOKEY; - if (flags & (1 << KEY_FLAG_INVALIDATED)) - goto error; - - /* check it's still accessible */ - ret = -EKEYREVOKED; - if (flags & ((1 << KEY_FLAG_REVOKED) | - (1 << KEY_FLAG_DEAD))) - goto error; - - /* check it hasn't expired */ - ret = 0; - if (key->expiry) { - now = current_kernel_time(); - if (now.tv_sec >= key->expiry) - ret = -EKEYEXPIRED; - } + + if (flags & (1 << KEY_FLAG_INVALIDATED)) + return -ENOKEY; + + /* check it's still accessible */ + if (flags & ((1 << KEY_FLAG_REVOKED) | + (1 << KEY_FLAG_DEAD))) + return -EKEYREVOKED; + + /* check it hasn't expired */ + if (key->expiry) { + struct timespec now = current_kernel_time(); + if (now.tv_sec >= key->expiry) + return -EKEYEXPIRED; } -error: - return ret; + return 0; } EXPORT_SYMBOL(key_validate); |