summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2012-05-15 17:11:11 +0400
committerJames Morris <james.l.morris@oracle.com>2012-05-15 18:54:33 +0400
commitb404aef72fdafb601c945c714164c0ee2b04c364 (patch)
tree46efed0307e7c208a254614361bbe08ed160ef52
parent2cc8a71641b4460783ea3bd7a3476043fdf85397 (diff)
downloadlinux-b404aef72fdafb601c945c714164c0ee2b04c364.tar.xz
KEYS: Don't check for NULL key pointer in key_validate()
Don't bother checking for NULL key pointer in key_validate() as all of the places that call it will crash anyway if the relevant key pointer is NULL by the time they call key_validate(). Therefore, the checking must be done prior to calling here. Whilst we're at it, simplify the key_validate() function a bit and mark its argument const. Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: David Howells <dhowells@redhat.com> cc: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: James Morris <james.l.morris@oracle.com>
-rw-r--r--include/linux/key.h2
-rw-r--r--security/keys/permission.c40
2 files changed, 17 insertions, 25 deletions
diff --git a/include/linux/key.h b/include/linux/key.h
index b145b054b3e0..5231800770e1 100644
--- a/include/linux/key.h
+++ b/include/linux/key.h
@@ -242,7 +242,7 @@ extern struct key *request_key_async_with_auxdata(struct key_type *type,
extern int wait_for_key_construction(struct key *key, bool intr);
-extern int key_validate(struct key *key);
+extern int key_validate(const struct key *key);
extern key_ref_t key_create_or_update(key_ref_t keyring,
const char *type,
diff --git a/security/keys/permission.c b/security/keys/permission.c
index 5f4c00c0947d..57d96363d7f1 100644
--- a/security/keys/permission.c
+++ b/security/keys/permission.c
@@ -91,33 +91,25 @@ EXPORT_SYMBOL(key_task_permission);
* key is invalidated, -EKEYREVOKED if the key's type has been removed or if
* the key has been revoked or -EKEYEXPIRED if the key has expired.
*/
-int key_validate(struct key *key)
+int key_validate(const struct key *key)
{
- struct timespec now;
unsigned long flags = key->flags;
- int ret = 0;
-
- if (key) {
- ret = -ENOKEY;
- if (flags & (1 << KEY_FLAG_INVALIDATED))
- goto error;
-
- /* check it's still accessible */
- ret = -EKEYREVOKED;
- if (flags & ((1 << KEY_FLAG_REVOKED) |
- (1 << KEY_FLAG_DEAD)))
- goto error;
-
- /* check it hasn't expired */
- ret = 0;
- if (key->expiry) {
- now = current_kernel_time();
- if (now.tv_sec >= key->expiry)
- ret = -EKEYEXPIRED;
- }
+
+ if (flags & (1 << KEY_FLAG_INVALIDATED))
+ return -ENOKEY;
+
+ /* check it's still accessible */
+ if (flags & ((1 << KEY_FLAG_REVOKED) |
+ (1 << KEY_FLAG_DEAD)))
+ return -EKEYREVOKED;
+
+ /* check it hasn't expired */
+ if (key->expiry) {
+ struct timespec now = current_kernel_time();
+ if (now.tv_sec >= key->expiry)
+ return -EKEYEXPIRED;
}
-error:
- return ret;
+ return 0;
}
EXPORT_SYMBOL(key_validate);