diff options
author | David Howells <dhowells@redhat.com> | 2012-05-15 09:11:11 -0400 |
---|---|---|
committer | James Morris <james.l.morris@oracle.com> | 2012-05-15 10:54:33 -0400 |
commit | b404aef72fdafb601c945c714164c0ee2b04c364 (patch) | |
tree | 46efed0307e7c208a254614361bbe08ed160ef52 /security/keys/permission.c | |
parent | 2cc8a71641b4460783ea3bd7a3476043fdf85397 (diff) |
KEYS: Don't check for NULL key pointer in key_validate()
Don't bother checking for NULL key pointer in key_validate() as all of the
places that call it will crash anyway if the relevant key pointer is NULL by
the time they call key_validate(). Therefore, the checking must be done prior
to calling here.
Whilst we're at it, simplify the key_validate() function a bit and mark its
argument const.
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Diffstat (limited to 'security/keys/permission.c')
-rw-r--r-- | security/keys/permission.c | 40 |
1 files changed, 16 insertions, 24 deletions
diff --git a/security/keys/permission.c b/security/keys/permission.c index 5f4c00c0947d..57d96363d7f1 100644 --- a/security/keys/permission.c +++ b/security/keys/permission.c | |||
@@ -91,33 +91,25 @@ EXPORT_SYMBOL(key_task_permission); | |||
91 | * key is invalidated, -EKEYREVOKED if the key's type has been removed or if | 91 | * key is invalidated, -EKEYREVOKED if the key's type has been removed or if |
92 | * the key has been revoked or -EKEYEXPIRED if the key has expired. | 92 | * the key has been revoked or -EKEYEXPIRED if the key has expired. |
93 | */ | 93 | */ |
94 | int key_validate(struct key *key) | 94 | int key_validate(const struct key *key) |
95 | { | 95 | { |
96 | struct timespec now; | ||
97 | unsigned long flags = key->flags; | 96 | unsigned long flags = key->flags; |
98 | int ret = 0; | 97 | |
99 | 98 | if (flags & (1 << KEY_FLAG_INVALIDATED)) | |
100 | if (key) { | 99 | return -ENOKEY; |
101 | ret = -ENOKEY; | 100 | |
102 | if (flags & (1 << KEY_FLAG_INVALIDATED)) | 101 | /* check it's still accessible */ |
103 | goto error; | 102 | if (flags & ((1 << KEY_FLAG_REVOKED) | |
104 | 103 | (1 << KEY_FLAG_DEAD))) | |
105 | /* check it's still accessible */ | 104 | return -EKEYREVOKED; |
106 | ret = -EKEYREVOKED; | 105 | |
107 | if (flags & ((1 << KEY_FLAG_REVOKED) | | 106 | /* check it hasn't expired */ |
108 | (1 << KEY_FLAG_DEAD))) | 107 | if (key->expiry) { |
109 | goto error; | 108 | struct timespec now = current_kernel_time(); |
110 | 109 | if (now.tv_sec >= key->expiry) | |
111 | /* check it hasn't expired */ | 110 | return -EKEYEXPIRED; |
112 | ret = 0; | ||
113 | if (key->expiry) { | ||
114 | now = current_kernel_time(); | ||
115 | if (now.tv_sec >= key->expiry) | ||
116 | ret = -EKEYEXPIRED; | ||
117 | } | ||
118 | } | 111 | } |
119 | 112 | ||
120 | error: | 113 | return 0; |
121 | return ret; | ||
122 | } | 114 | } |
123 | EXPORT_SYMBOL(key_validate); | 115 | EXPORT_SYMBOL(key_validate); |