summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Kahn Gillmor <dkg@fifthhorseman.net>2010-12-20 19:35:07 -0500
committerDaniel Kahn Gillmor <dkg@fifthhorseman.net>2010-12-20 19:35:07 -0500
commit4e233d779705befcee77a45c57799f429aa371c5 (patch)
tree8e017a7e702993926e8cb92822668cef7181e634
parente03138491af7bc0aa9c9387339689ebd9c685f65 (diff)
keytrans: avoid confusing user IDs across different keys (closes MS # 2682)
-rw-r--r--Changelog7
-rwxr-xr-xsrc/share/keytrans18
2 files changed, 18 insertions, 7 deletions
diff --git a/Changelog b/Changelog
index 27ccf8f..96a60cf 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,10 @@
+monkeysphere (0.36~pre) unstable; urgency=low
+
+ * keytrans no longer confuses user IDs across different keys (closes MS
+ #2682)
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Mon, 20 Dec 2010 19:31:30 -0500
+
monkeysphere (0.35) upstream;
* Remove reference to USE_VALIDATION_AGENT.
diff --git a/src/share/keytrans b/src/share/keytrans
index 60eab55..c09f664 100755
--- a/src/share/keytrans
+++ b/src/share/keytrans
@@ -670,9 +670,11 @@ sub findsig {
return;
}
- # FIXME: if we get two primary keys on stdin, both with the same
- # targetd user ID, we'll store signatures from both keys, which is
- # probably wrong.
+ if ( (!defined($data->{current_key_match})) ||
+ (! $data->{current_key_match})) {
+ # this is not the key in question.
+ return;
+ }
# the current ID is not what we're looking for:
return if ($data->{current}->{uid} ne $data->{target}->{uid});
@@ -731,7 +733,7 @@ sub findkey {
my $foundfprstr = Crypt::OpenSSL::Bignum->new_from_bin($foundfpr)->to_hex();
# left-pad with 0's to bring up to full 40-char (160-bit) fingerprint:
$foundfprstr = sprintf("%040s", $foundfprstr);
- my $matched = 0;
+ $data->{current_key_match} = 0;
# is this a match?
if ((!defined($data->{target}->{fpr})) ||
@@ -741,7 +743,7 @@ sub findkey {
}
$data->{key} = { 'rsa' => $pubkey,
'timestamp' => $key_timestamp };
- $matched = 1;
+ $data->{current_key_match} = 1;
}
if ($tag != $packet_types->{seckey} &&
@@ -751,7 +753,7 @@ sub findkey {
}
return;
}
- if (!$matched) {
+ if (!$data->{current_key_match}) {
# we don't think the public part of this key matches
if ($readbytes < $packetlen) {
read($instr, $dummy, $packetlen - $readbytes) or die "Could not skip past this packet.\n";
@@ -889,7 +891,9 @@ sub adduserid {
die "The key requested was not found.\n"
}
- if (defined $data->{uid}->{$uid}) {
+ if (defined $data->{uid}->{$uid} &&
+ defined $data->{sigs} &&
+ scalar(@{$data->{sigs}}) > 0 ) {
die "The requested User ID '$uid' is already associated with this key.\n";
}
$args->{key_timestamp} = $data->{key}->{timestamp};