From 01406840c199e0e13774fdea6dd82ed15fbb1a41 Mon Sep 17 00:00:00 2001
From: Justus Winter <justus@g10code.com>
Date: Mon, 2 Jan 2017 18:16:47 +0100
Subject: [PATCH] g10: Avoid accessing invalid expiration dates.

* g10/sig-check.c (check_signature_metadata_validity): Avoid accessing
invalid expiration dates.

Signed-off-by: Justus Winter <justus@g10code.com>
---
 g10/sig-check.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/g10/sig-check.c b/g10/sig-check.c
index a73550042..3a378e1ef 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -324,7 +324,14 @@ check_signature_metadata_validity (PKT_public_key *pk, PKT_signature *sig,
        flag which is set after a full evaluation of the key (getkey.c)
        as well as a simple compare to the current time in case the
        merge has for whatever reasons not been done.  */
-    if( pk->has_expired || (kb_pk_expiredate (pk) && kb_pk_expiredate (pk) < cur_time)) {
+    if( pk->has_expired || (/* Computing EXPIREDATE requires calling
+			       this function.  To break this circular
+			       dependency, we only check the
+			       expiration if this information is
+			       already known (i.e. valid):  */
+			    kb_pk_valid_expiredate (pk)
+			    && kb_pk_expiredate (pk)
+			    && kb_pk_expiredate (pk) < cur_time)) {
         char buf[11];
         if (opt.verbose)
 	  log_info(_("Note: signature key %s expired %s\n"),