[svn] GnuPG - r5235 - branches/STABLE-BRANCH-2-0/g10

svn author wk cvs at cvs.gnupg.org
Thu Dec 17 18:56:01 CET 2009 

Author: wk
Date: 2009-12-17 18:56:00 +0100 (Thu, 17 Dec 2009)
New Revision: 5235

Modified:
   branches/STABLE-BRANCH-2-0/g10/ChangeLog
   branches/STABLE-BRANCH-2-0/g10/sig-check.c
Log:
Fix bug#1059 (missing status line signature verification done with a 
subkey while on the main key has expired).


Modified: branches/STABLE-BRANCH-2-0/g10/ChangeLog
===================================================================
--- branches/STABLE-BRANCH-2-0/g10/ChangeLog	2009-12-17 17:55:43 UTC (rev 5234)
+++ branches/STABLE-BRANCH-2-0/g10/ChangeLog	2009-12-17 17:56:00 UTC (rev 5235)
@@ -1,3 +1,8 @@
+2009-12-17  Werner Koch  <wk at g10code.com>
+
+	* sig-check.c (do_check_messages): Evaluate the HAS_EXPIRED flag.
+	Fixes bug#1059.
+
 2009-12-15  Werner Koch  <wk at g10code.com>
 
 	* tdbio.c (tdbio_set_dbname): Do not call log_fatal after creating

Modified: branches/STABLE-BRANCH-2-0/g10/sig-check.c
===================================================================
--- branches/STABLE-BRANCH-2-0/g10/sig-check.c	2009-12-17 17:55:43 UTC (rev 5234)
+++ branches/STABLE-BRANCH-2-0/g10/sig-check.c	2009-12-17 17:56:00 UTC (rev 5235)
@@ -229,13 +229,17 @@
 	  return G10ERR_TIME_CONFLICT;
       }
 
-    if( pk->expiredate && pk->expiredate < cur_time ) {
+    /* Check whether the key has expired.  We check the has_expired
+       flag which is set after a full evaluation of the key (getkey.c)
+       as well as a simple compare to the current time in case the
+       merge has for whatever reasons not been done.  */
+    if( pk->has_expired || (pk->expiredate && pk->expiredate < cur_time)) {
         char buf[11];
         if (opt.verbose)
 	  log_info(_("NOTE: signature key %s expired %s\n"),
 		   keystr_from_pk(pk), asctimestamp( pk->expiredate ) );
 	/* SIGEXPIRED is deprecated.  Use KEYEXPIRED. */
-	sprintf(buf,"%lu",(ulong)pk->expiredate);
+	snprintf (buf, sizeof buf,"%lu",(ulong)pk->expiredate);
 	write_status_text(STATUS_KEYEXPIRED,buf);
 	write_status(STATUS_SIGEXPIRED);
 	if(r_expired)

More information about the Gnupg-commits mailing list