[Pkg-gnupg-commit] [gnupg2] 39/112: g10: Fix checking key for signature validation.

[Daniel Kahn Gillmor]

This is an automated email from the git hooks/post-receive script.

dkg pushed a commit to branch master
in repository gnupg2.

commit 6f284e6ed63f514b15fe610f490ffcefc87a2164
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Thu Aug 4 16:21:39 2016 +0900

    g10: Fix checking key for signature validation.
    
    * g10/sig-check.c (check_signature2): Not only subkey, but also primary
    key should have flags.valid=1.
    
    --
    
    The tweak of gpgv in e32c575e0f3704e7563048eea6d26844bdfc494b only makes
    sense with this change.
    
    Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
---
 g10/sig-check.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/g10/sig-check.c b/g10/sig-check.c
index 7000b48..334add7 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -118,9 +118,9 @@ check_signature2 (PKT_signature *sig, gcry_md_hd_t digest, u32 *r_expiredate,
       }
     else if( get_pubkey( pk, sig->keyid ) )
 	rc = GPG_ERR_NO_PUBKEY;
-    else if(!pk->flags.valid && !pk->flags.primary)
+    else if(!pk->flags.valid)
       {
-        /* You cannot have a good sig from an invalid subkey.  */
+        /* You cannot have a good sig from an invalid key.  */
         rc = GPG_ERR_BAD_PUBKEY;
       }
     else

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git