Package: gnupg2 / 2.0.26-6+deb8u2

0059-g10-Fix-checking-key-for-signature-validation.patch Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
From caff669212d2465a3a387571305a7230d394c0e0 Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Thu, 4 Aug 2016 16:21:39 +0900
Subject: [PATCH 2/2] g10: Fix checking key for signature validation.

* g10/sig-check.c (signature_check2): Not only subkey, but also primary
key should have flags.valid=1.

--

(backport of master
commit 6f284e6ed63f514b15fe610f490ffcefc87a2164)

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
---
 g10/sig-check.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/g10/sig-check.c b/g10/sig-check.c
index fc5e1fa..7178d06 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -82,9 +82,9 @@ signature_check2 (PKT_signature *sig, gcry_md_hd_t digest, u32 *r_expiredate,
       }
     else if( get_pubkey( pk, sig->keyid ) )
 	rc = G10ERR_NO_PUBKEY;
-    else if(!pk->is_valid && !pk->is_primary)
+    else if(!pk->is_valid)
         rc=G10ERR_BAD_PUBKEY; /* you cannot have a good sig from an
-				 invalid subkey */
+				 invalid key */
     else
       {
         if(r_expiredate)
-- 
2.1.4