diff options
Diffstat (limited to 'security/keys/permission.c')
| -rw-r--r-- | security/keys/permission.c | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/security/keys/permission.c b/security/keys/permission.c index c35b5229e3cd..5f4c00c0947d 100644 --- a/security/keys/permission.c +++ b/security/keys/permission.c | |||
| @@ -87,20 +87,25 @@ EXPORT_SYMBOL(key_task_permission); | |||
| 87 | * key_validate - Validate a key. | 87 | * key_validate - Validate a key. |
| 88 | * @key: The key to be validated. | 88 | * @key: The key to be validated. |
| 89 | * | 89 | * |
| 90 | * Check that a key is valid, returning 0 if the key is okay, -EKEYREVOKED if | 90 | * Check that a key is valid, returning 0 if the key is okay, -ENOKEY if the |
| 91 | * the key's type has been removed or if the key has been revoked or | 91 | * key is invalidated, -EKEYREVOKED if the key's type has been removed or if |
| 92 | * -EKEYEXPIRED if the key has expired. | 92 | * the key has been revoked or -EKEYEXPIRED if the key has expired. |
| 93 | */ | 93 | */ |
| 94 | int key_validate(struct key *key) | 94 | int key_validate(struct key *key) |
| 95 | { | 95 | { |
| 96 | struct timespec now; | 96 | struct timespec now; |
| 97 | unsigned long flags = key->flags; | ||
| 97 | int ret = 0; | 98 | int ret = 0; |
| 98 | 99 | ||
| 99 | if (key) { | 100 | if (key) { |
| 101 | ret = -ENOKEY; | ||
| 102 | if (flags & (1 << KEY_FLAG_INVALIDATED)) | ||
| 103 | goto error; | ||
| 104 | |||
| 100 | /* check it's still accessible */ | 105 | /* check it's still accessible */ |
| 101 | ret = -EKEYREVOKED; | 106 | ret = -EKEYREVOKED; |
| 102 | if (test_bit(KEY_FLAG_REVOKED, &key->flags) || | 107 | if (flags & ((1 << KEY_FLAG_REVOKED) | |
| 103 | test_bit(KEY_FLAG_DEAD, &key->flags)) | 108 | (1 << KEY_FLAG_DEAD))) |
| 104 | goto error; | 109 | goto error; |
| 105 | 110 | ||
| 106 | /* check it hasn't expired */ | 111 | /* check it hasn't expired */ |