Commit b404aef7 authored by David Howells's avatar David Howells Committed by James Morris

KEYS: Don't check for NULL key pointer in key_validate()

Don't bother checking for NULL key pointer in key_validate() as all of the
places that call it will crash anyway if the relevant key pointer is NULL by
the time they call key_validate().  Therefore, the checking must be done prior
to calling here.

Whilst we're at it, simplify the key_validate() function a bit and mark its
argument const.
Reported-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
cc: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: default avatarJames Morris <james.l.morris@oracle.com>
parent 2cc8a716
...@@ -242,7 +242,7 @@ extern struct key *request_key_async_with_auxdata(struct key_type *type, ...@@ -242,7 +242,7 @@ extern struct key *request_key_async_with_auxdata(struct key_type *type,
extern int wait_for_key_construction(struct key *key, bool intr); extern int wait_for_key_construction(struct key *key, bool intr);
extern int key_validate(struct key *key); extern int key_validate(const struct key *key);
extern key_ref_t key_create_or_update(key_ref_t keyring, extern key_ref_t key_create_or_update(key_ref_t keyring,
const char *type, const char *type,
......
...@@ -91,33 +91,25 @@ EXPORT_SYMBOL(key_task_permission); ...@@ -91,33 +91,25 @@ EXPORT_SYMBOL(key_task_permission);
* key is invalidated, -EKEYREVOKED if the key's type has been removed or if * key is invalidated, -EKEYREVOKED if the key's type has been removed or if
* the key has been revoked or -EKEYEXPIRED if the key has expired. * the key has been revoked or -EKEYEXPIRED if the key has expired.
*/ */
int key_validate(struct key *key) int key_validate(const struct key *key)
{ {
struct timespec now;
unsigned long flags = key->flags; unsigned long flags = key->flags;
int ret = 0;
if (key) {
ret = -ENOKEY;
if (flags & (1 << KEY_FLAG_INVALIDATED)) if (flags & (1 << KEY_FLAG_INVALIDATED))
goto error; return -ENOKEY;
/* check it's still accessible */ /* check it's still accessible */
ret = -EKEYREVOKED;
if (flags & ((1 << KEY_FLAG_REVOKED) | if (flags & ((1 << KEY_FLAG_REVOKED) |
(1 << KEY_FLAG_DEAD))) (1 << KEY_FLAG_DEAD)))
goto error; return -EKEYREVOKED;
/* check it hasn't expired */ /* check it hasn't expired */
ret = 0;
if (key->expiry) { if (key->expiry) {
now = current_kernel_time(); struct timespec now = current_kernel_time();
if (now.tv_sec >= key->expiry) if (now.tv_sec >= key->expiry)
ret = -EKEYEXPIRED; return -EKEYEXPIRED;
}
} }
error: return 0;
return ret;
} }
EXPORT_SYMBOL(key_validate); EXPORT_SYMBOL(key_validate);
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment