diff options
| author | Justus Winter <[email protected]> | 2017-01-02 17:16:47 +0000 |
|---|---|---|
| committer | Justus Winter <[email protected]> | 2017-01-02 17:23:34 +0000 |
| commit | 01406840c199e0e13774fdea6dd82ed15fbb1a41 (patch) | |
| tree | 960fa1ade2efb174a92aa2ae59f6dbc8773ae914 | |
| parent | g10: Use accessors for expiration dates of public keys. (diff) | |
| download | gnupg-justus/issue2826-0.tar.gz gnupg-justus/issue2826-0.zip | |
g10: Avoid accessing invalid expiration dates.justus/issue2826-0
* g10/sig-check.c (check_signature_metadata_validity): Avoid accessing
invalid expiration dates.
Signed-off-by: Justus Winter <[email protected]>
| -rw-r--r-- | g10/sig-check.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/g10/sig-check.c b/g10/sig-check.c index a73550042..3a378e1ef 100644 --- a/g10/sig-check.c +++ b/g10/sig-check.c @@ -324,7 +324,14 @@ check_signature_metadata_validity (PKT_public_key *pk, PKT_signature *sig, flag which is set after a full evaluation of the key (getkey.c) as well as a simple compare to the current time in case the merge has for whatever reasons not been done. */ - if( pk->has_expired || (kb_pk_expiredate (pk) && kb_pk_expiredate (pk) < cur_time)) { + if( pk->has_expired || (/* Computing EXPIREDATE requires calling + this function. To break this circular + dependency, we only check the + expiration if this information is + already known (i.e. valid): */ + kb_pk_valid_expiredate (pk) + && kb_pk_expiredate (pk) + && kb_pk_expiredate (pk) < cur_time)) { char buf[11]; if (opt.verbose) log_info(_("Note: signature key %s expired %s\n"), |