gpg-CVE-2018-9234.diff
gniibe (NIIBE Yutaka)
Actions

Authored By

	• gniibe
	Apr 6 2018, 2:27 AM

Size

1 KB

Subscribers

None

gpg-CVE-2018-9234.diff
View Options

	diff --git a/g10/sig-check.c b/g10/sig-check.c
	index 23af12b2e..ab8bd66a4 100644
	--- a/g10/sig-check.c
	+++ b/g10/sig-check.c
	@@ -1140,9 +1140,16 @@ check_key_signature2 (ctrl_t ctrl,
	/* Certification revocation. */
	\|\| sig->sig_class == 0x30)
	{
	- kbnode_t unode = find_prev_kbnode (root, node, PKT_USER_ID);
	+ kbnode_t unode = find_prev_kbnode (root, node, PKT_USER_ID);

	- if (unode)
	+ if (!(pk->pubkey_usage & PUBKEY_USAGE_CERT))
	+ {
	+ if (!opt.quiet)
	+ log_info ("certified by incapable key (%s)", keystr_from_pk(pk));
	+ rc = gpg_error (GPG_ERR_WRONG_KEY_USAGE);
	+ }
	+
	+ if (unode)
	{
	rc = check_signature_metadata_validity (pk, sig, r_expired, NULL);
	if (! rc)
	@@ -1154,13 +1161,13 @@ check_key_signature2 (ctrl_t ctrl,
	sig, root, unode->pkt, NULL, ret_pk);
	}
	}
	- else
	- {
	+ else
	+ {
	if (!opt.quiet)
	- log_info ("key %s: no user ID for key signature packet"
	- " of class %02x\n",keystr_from_pk(pk),sig->sig_class);
	- rc = GPG_ERR_SIG_CLASS;
	- }
	+ log_info ("key %s: no user ID for key signature packet"
	+ " of class %02x\n",keystr_from_pk(pk),sig->sig_class);
	+ rc = gpg_error (GPG_ERR_SIG_CLASS);
	+ }
	}
	else
	{