Package: gnupg / 1.4.18-7+deb8u5

0049-g10-Fix-checking-key-for-signature-validation.patch Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
From f474b161f6c8c7a3dc0fb90d25ffceacba1ff117 Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Thu, 4 Aug 2016 16:21:39 +0900
Subject: [PATCH] g10: Fix checking key for signature validation.

* g10/sig-check.c (signature_check2): Not only subkey, but also primary
key should have flags.valid=1.

--

(backport of master
commit 6f284e6ed63f514b15fe610f490ffcefc87a2164)

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
---
 g10/sig-check.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/g10/sig-check.c b/g10/sig-check.c
index 6bac630..8dd0373 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -76,9 +76,9 @@ signature_check2( PKT_signature *sig, MD_HANDLE digest, u32 *r_expiredate,
       }
     else if( get_pubkey( pk, sig->keyid ) )
 	rc = G10ERR_NO_PUBKEY;
-    else if(!pk->is_valid && !pk->is_primary)
+    else if(!pk->is_valid)
         rc=G10ERR_BAD_PUBKEY; /* you cannot have a good sig from an
-				 invalid subkey */
+				 invalid key */
     else
       {
         if(r_expiredate)
-- 
2.8.1