TAKAHASHI Tamotsu reported that when gpg2 isn't in PATH, the
gpgme_op_verify() won't return an error, but instead will return a
result with no signatures.
verify_one() was only returning an error if a signature actually
failed, so in this case the function was defaulting to returning
success.
Other callers of gpgme_op_verify() check to make sure the
result->signatures exist before processing signatures. Add a check
for verify_one() too.
{ /* Verification succeeded, see what the result is. */
int res, idx;
int anybad = 0;
+ gpgme_verify_result_t verify_result;
if (signature_key)
{
signature_key = NULL;
}
- for(idx=0; (res = show_one_sig_status (ctx, idx, s)) != -1; idx++)
+ verify_result = gpgme_op_verify_result (ctx);
+ if (verify_result && verify_result->signatures)
+ {
+ for (idx=0; (res = show_one_sig_status (ctx, idx, s)) != -1; idx++)
{
if (res == 1)
anybad = 1;
else if (res == 2)
anywarn = 2;
}
- if (!anybad)
- badsig = 0;
+ if (!anybad)
+ badsig = 0;
+ }
}
if (!badsig)