KEYS: Don't check for NULL key pointer in key_validate()

Don't bother checking for NULL key pointer in key_validate() as all of the places that call it will crash anyway if the relevant key pointer is NULL by the time they call key_validate(). Therefore, the checking must be done prior to calling here. Whilst we're at it, simplify the key_validate() function a bit and mark its argument const. Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: David Howells <dhowells@redhat.com> cc: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: James Morris <james.l.morris@oracle.com>
author: David Howells <dhowells@redhat.com> 2012-05-15 09:11:11 -0400
committer: James Morris <james.l.morris@oracle.com> 2012-05-15 10:54:33 -0400
commit: b404aef72fdafb601c945c714164c0ee2b04c364 (patch)
tree: 46efed0307e7c208a254614361bbe08ed160ef52
parent: 2cc8a71641b4460783ea3bd7a3476043fdf85397 (diff)
2 files changed, 17 insertions, 25 deletions
diff --git a/include/linux/key.h b/include/linux/key.h
index b145b054b3e0..5231800770e1 100644
--- a/include/linux/key.h
+++ b/include/linux/key.h
@@ -242,7 +242,7 @@ extern struct key *request_key_async_with_auxdata(struct key_type *type,
 extern int wait_for_key_construction(struct key *key, bool intr);
-extern int key_validate(struct key *key);
+extern int key_validate(const struct key *key);
 extern key_ref_t key_create_or_update(key_ref_t keyring,
                                      const char *type,
diff --git a/security/keys/permission.c b/security/keys/permission.c
index 5f4c00c0947d..57d96363d7f1 100644
--- a/security/keys/permission.c
+++ b/security/keys/permission.c
@@ -91,33 +91,25 @@ EXPORT_SYMBOL(key_task_permission);
 * key is invalidated, -EKEYREVOKED if the key's type has been removed or if
 * the key has been revoked or -EKEYEXPIRED if the key has expired.
 */
-int key_validate(struct key *key)
+int key_validate(const struct key *key)
 {
-        struct timespec now;
        unsigned long flags = key->flags;
-        int ret = 0;
+        if (flags & (1 << KEY_FLAG_INVALIDATED))
-        if (key) {
+                return -ENOKEY;
-                ret = -ENOKEY;
-                if (flags & (1 << KEY_FLAG_INVALIDATED))
+        /* check it's still accessible */
-                        goto error;
+        if (flags & ((1 << KEY_FLAG_REVOKED) |
+                     (1 << KEY_FLAG_DEAD)))
-                /* check it's still accessible */
+                return -EKEYREVOKED;
-                ret = -EKEYREVOKED;
-                if (flags & ((1 << KEY_FLAG_REVOKED) |
+        /* check it hasn't expired */
-                             (1 << KEY_FLAG_DEAD)))
+        if (key->expiry) {
-                        goto error;
+                struct timespec now = current_kernel_time();
+                if (now.tv_sec >= key->expiry)
-                /* check it hasn't expired */
+                        return -EKEYEXPIRED;
-                ret = 0;
-                if (key->expiry) {
-                        now = current_kernel_time();
-                        if (now.tv_sec >= key->expiry)
-                                ret = -EKEYEXPIRED;
-                }
        }
-error:
+        return 0;
-        return ret;
 }
 EXPORT_SYMBOL(key_validate);
author	David Howells <dhowells@redhat.com>	2012-05-15 09:11:11 -0400
committer	James Morris <james.l.morris@oracle.com>	2012-05-15 10:54:33 -0400
commit	b404aef72fdafb601c945c714164c0ee2b04c364 (patch)
tree	46efed0307e7c208a254614361bbe08ed160ef52
parent	2cc8a71641b4460783ea3bd7a3476043fdf85397 (diff)

diff --git a/include/linux/key.h b/include/linux/key.h index b145b054b3e0..5231800770e1 100644 --- a/include/linux/key.h +++ b/include/linux/key.h
@@ -242,7 +242,7 @@ extern struct key request_key_async_with_auxdata(struct key_type type,
242		242
243	extern int wait_for_key_construction(struct key *key, bool intr);	243	extern int wait_for_key_construction(struct key *key, bool intr);
244		244
245	extern int key_validate(struct key *key);	245	extern int key_validate(const struct key *key);
246		246
247	extern key_ref_t key_create_or_update(key_ref_t keyring,	247	extern key_ref_t key_create_or_update(key_ref_t keyring,
248	const char *type,	248	const char *type,


diff --git a/security/keys/permission.c b/security/keys/permission.c index 5f4c00c0947d..57d96363d7f1 100644 --- a/security/keys/permission.c +++ b/security/keys/permission.c
@@ -91,33 +91,25 @@ EXPORT_SYMBOL(key_task_permission);
91	* key is invalidated, -EKEYREVOKED if the key's type has been removed or if	91	* key is invalidated, -EKEYREVOKED if the key's type has been removed or if
92	* the key has been revoked or -EKEYEXPIRED if the key has expired.	92	* the key has been revoked or -EKEYEXPIRED if the key has expired.
93	*/	93	*/
94	int key_validate(struct key *key)	94	int key_validate(const struct key *key)
95	{	95	{
96	struct timespec now;
97	unsigned long flags = key->flags;	96	unsigned long flags = key->flags;
98	int ret = 0;	97
99		98	if (flags & (1 << KEY_FLAG_INVALIDATED))
100	if (key) {	99	return -ENOKEY;
101	ret = -ENOKEY;	100
102	if (flags & (1 << KEY_FLAG_INVALIDATED))	101	/* check it's still accessible */
103	goto error;	102	if (flags & ((1 << KEY_FLAG_REVOKED) \|
104		103	(1 << KEY_FLAG_DEAD)))
105	/* check it's still accessible */	104	return -EKEYREVOKED;
106	ret = -EKEYREVOKED;	105
107	if (flags & ((1 << KEY_FLAG_REVOKED) \|	106	/* check it hasn't expired */
108	(1 << KEY_FLAG_DEAD)))	107	if (key->expiry) {
109	goto error;	108	struct timespec now = current_kernel_time();
110		109	if (now.tv_sec >= key->expiry)
111	/* check it hasn't expired */	110	return -EKEYEXPIRED;
112	ret = 0;
113	if (key->expiry) {
114	now = current_kernel_time();
115	if (now.tv_sec >= key->expiry)
116	ret = -EKEYEXPIRED;
117	}
118	}	111	}
119		112
120	error:	113	return 0;
121	return ret;
122	}	114	}
123	EXPORT_SYMBOL(key_validate);	115	EXPORT_SYMBOL(key_validate);