security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

g10: Fix checking key for signature validation. 

* g10/sig-check.c (check_signature2): Not only subkey, but also primary
key should have flags.valid=1.

--

The tweak of gpgv in e32c575e0f only makes
sense with this change.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
This commit is contained in:
NIIBE Yutaka 2016-08-04 16:21:39 +09:00
parent 993f36e23c
commit 6f284e6ed6
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
g10/sig-check.c
View File

@ -118,9 +118,9 @@ check_signature2 (PKT_signature *sig, gcry_md_hd_t digest, u32 *r_expiredate,
}
else if( get_pubkey( pk, sig->keyid ) )
rc = GPG_ERR_NO_PUBKEY;
else if(!pk->flags.valid && !pk->flags.primary)
else if(!pk->flags.valid)
{
/* You cannot have a good sig from an invalid subkey. */
/* You cannot have a good sig from an invalid key. */
rc = GPG_ERR_BAD_PUBKEY;
}
else