Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b404aef7 authored by David Howells's avatar David Howells Committed by James Morris
Browse files

KEYS: Don't check for NULL key pointer in key_validate() 



Don't bother checking for NULL key pointer in key_validate() as all of the
places that call it will crash anyway if the relevant key pointer is NULL by
the time they call key_validate().  Therefore, the checking must be done prior
to calling here.

Whilst we're at it, simplify the key_validate() function a bit and mark its
argument const.

Reported-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
cc: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: default avatarJames Morris <james.l.morris@oracle.com>
parent 2cc8a716

include/linux/key.h

+1 −1
Original line number Diff line number Diff line
@@ -242,7 +242,7 @@ extern struct key *request_key_async_with_auxdata(struct key_type *type, 


extern int wait_for_key_construction(struct key *key, bool intr);



extern int key_validate(struct key *key);

extern int key_validate(const struct key *key);



extern key_ref_t key_create_or_update(key_ref_t keyring,

				      const char *type,

security/keys/permission.c

+16 −24
Original line number Diff line number Diff line
@@ -91,33 +91,25 @@ EXPORT_SYMBOL(key_task_permission); 
 * key is invalidated, -EKEYREVOKED if the key's type has been removed or if

 * the key has been revoked or -EKEYEXPIRED if the key has expired.

 */

int key_validate(struct key *key)

int key_validate(const struct key *key)

{

	struct timespec now;

	unsigned long flags = key->flags;

	int ret = 0;



	if (key) {

		ret = -ENOKEY;

	if (flags & (1 << KEY_FLAG_INVALIDATED))

			goto error;

		return -ENOKEY;



	/* check it's still accessible */

		ret = -EKEYREVOKED;

	if (flags & ((1 << KEY_FLAG_REVOKED) |

		     (1 << KEY_FLAG_DEAD)))

			goto error;

		return -EKEYREVOKED;



	/* check it hasn't expired */

		ret = 0;

	if (key->expiry) {

			now = current_kernel_time();

		struct timespec now = current_kernel_time();

		if (now.tv_sec >= key->expiry)

				ret = -EKEYEXPIRED;

		}

			return -EKEYEXPIRED;

	}



error:

	return ret;

	return 0;

}

EXPORT_SYMBOL(key_validate);