KEYS: Don't check for NULL key pointer in key_validate()

Don't bother checking for NULL key pointer in key_validate() as all of the
places that call it will crash anyway if the relevant key pointer is NULL by
the time they call key_validate().  Therefore, the checking must be done prior
to calling here.

Whilst we're at it, simplify the key_validate() function a bit and mark its
argument const.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>

diff --git a/include/linux/key.h b/include/linux/key.h
index b145b05..5231800 100644 (file)
--- a/include/linux/key.h
+++ b/include/linux/key.h
@@ -242,7 +242,7 @@ extern struct key *request_key_async_with_auxdata(struct key_type *type,
 
 extern int wait_for_key_construction(struct key *key, bool intr);
 
-extern int key_validate(struct key *key);
+extern int key_validate(const struct key *key);
 
 extern key_ref_t key_create_or_update(key_ref_t keyring,
                                      const char *type,

diff --git a/security/keys/permission.c b/security/keys/permission.c
index 5f4c00c..57d9636 100644 (file)
--- a/security/keys/permission.c
+++ b/security/keys/permission.c
@@ -91,33 +91,25 @@ EXPORT_SYMBOL(key_task_permission);
  * key is invalidated, -EKEYREVOKED if the key's type has been removed or if
  * the key has been revoked or -EKEYEXPIRED if the key has expired.
  */
-int key_validate(struct key *key)
+int key_validate(const struct key *key)
 {
-       struct timespec now;
        unsigned long flags = key->flags;
-       int ret = 0;
-
-       if (key) {
-               ret = -ENOKEY;
-               if (flags & (1 << KEY_FLAG_INVALIDATED))
-                       goto error;
-
-               /* check it's still accessible */
-               ret = -EKEYREVOKED;
-               if (flags & ((1 << KEY_FLAG_REVOKED) |
-                            (1 << KEY_FLAG_DEAD)))
-                       goto error;
-
-               /* check it hasn't expired */
-               ret = 0;
-               if (key->expiry) {
-                       now = current_kernel_time();
-                       if (now.tv_sec >= key->expiry)
-                               ret = -EKEYEXPIRED;
-               }
+
+       if (flags & (1 << KEY_FLAG_INVALIDATED))
+               return -ENOKEY;
+
+       /* check it's still accessible */
+       if (flags & ((1 << KEY_FLAG_REVOKED) |
+                    (1 << KEY_FLAG_DEAD)))
+               return -EKEYREVOKED;
+
+       /* check it hasn't expired */
+       if (key->expiry) {
+               struct timespec now = current_kernel_time();
+               if (now.tv_sec >= key->expiry)
+                       return -EKEYEXPIRED;
        }
 
-error:
-       return ret;
+       return 0;
 }
 EXPORT_SYMBOL(key_validate);