diff options
author | David Howells <dhowells@redhat.com> | 2012-05-15 14:11:11 +0100 |
---|---|---|
committer | James Morris <james.l.morris@oracle.com> | 2012-05-16 00:54:33 +1000 |
commit | b404aef72fdafb601c945c714164c0ee2b04c364 (patch) | |
tree | 46efed0307e7c208a254614361bbe08ed160ef52 /security | |
parent | 2cc8a71641b4460783ea3bd7a3476043fdf85397 (diff) | |
download | lwn-b404aef72fdafb601c945c714164c0ee2b04c364.tar.gz lwn-b404aef72fdafb601c945c714164c0ee2b04c364.zip |
KEYS: Don't check for NULL key pointer in key_validate()
Don't bother checking for NULL key pointer in key_validate() as all of the
places that call it will crash anyway if the relevant key pointer is NULL by
the time they call key_validate(). Therefore, the checking must be done prior
to calling here.
Whilst we're at it, simplify the key_validate() function a bit and mark its
argument const.
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Diffstat (limited to 'security')
-rw-r--r-- | security/keys/permission.c | 40 |
1 files changed, 16 insertions, 24 deletions
diff --git a/security/keys/permission.c b/security/keys/permission.c index 5f4c00c0947d..57d96363d7f1 100644 --- a/security/keys/permission.c +++ b/security/keys/permission.c @@ -91,33 +91,25 @@ EXPORT_SYMBOL(key_task_permission); * key is invalidated, -EKEYREVOKED if the key's type has been removed or if * the key has been revoked or -EKEYEXPIRED if the key has expired. */ -int key_validate(struct key *key) +int key_validate(const struct key *key) { - struct timespec now; unsigned long flags = key->flags; - int ret = 0; - - if (key) { - ret = -ENOKEY; - if (flags & (1 << KEY_FLAG_INVALIDATED)) - goto error; - - /* check it's still accessible */ - ret = -EKEYREVOKED; - if (flags & ((1 << KEY_FLAG_REVOKED) | - (1 << KEY_FLAG_DEAD))) - goto error; - - /* check it hasn't expired */ - ret = 0; - if (key->expiry) { - now = current_kernel_time(); - if (now.tv_sec >= key->expiry) - ret = -EKEYEXPIRED; - } + + if (flags & (1 << KEY_FLAG_INVALIDATED)) + return -ENOKEY; + + /* check it's still accessible */ + if (flags & ((1 << KEY_FLAG_REVOKED) | + (1 << KEY_FLAG_DEAD))) + return -EKEYREVOKED; + + /* check it hasn't expired */ + if (key->expiry) { + struct timespec now = current_kernel_time(); + if (now.tv_sec >= key->expiry) + return -EKEYEXPIRED; } -error: - return ret; + return 0; } EXPORT_SYMBOL(key_validate); |