summaryrefslogtreecommitdiff
path: root/src/share/keytrans
diff options
context:
space:
mode:
authorDaniel Kahn Gillmor <dkg@fifthhorseman.net>2010-12-20 19:35:07 -0500
committerDaniel Kahn Gillmor <dkg@fifthhorseman.net>2010-12-20 19:35:07 -0500
commit4e233d779705befcee77a45c57799f429aa371c5 (patch)
tree8e017a7e702993926e8cb92822668cef7181e634 /src/share/keytrans
parente03138491af7bc0aa9c9387339689ebd9c685f65 (diff)
keytrans: avoid confusing user IDs across different keys (closes MS # 2682)
Diffstat (limited to 'src/share/keytrans')
-rwxr-xr-xsrc/share/keytrans18
1 files changed, 11 insertions, 7 deletions
diff --git a/src/share/keytrans b/src/share/keytrans
index 60eab55..c09f664 100755
--- a/src/share/keytrans
+++ b/src/share/keytrans
@@ -670,9 +670,11 @@ sub findsig {
return;
}
- # FIXME: if we get two primary keys on stdin, both with the same
- # targetd user ID, we'll store signatures from both keys, which is
- # probably wrong.
+ if ( (!defined($data->{current_key_match})) ||
+ (! $data->{current_key_match})) {
+ # this is not the key in question.
+ return;
+ }
# the current ID is not what we're looking for:
return if ($data->{current}->{uid} ne $data->{target}->{uid});
@@ -731,7 +733,7 @@ sub findkey {
my $foundfprstr = Crypt::OpenSSL::Bignum->new_from_bin($foundfpr)->to_hex();
# left-pad with 0's to bring up to full 40-char (160-bit) fingerprint:
$foundfprstr = sprintf("%040s", $foundfprstr);
- my $matched = 0;
+ $data->{current_key_match} = 0;
# is this a match?
if ((!defined($data->{target}->{fpr})) ||
@@ -741,7 +743,7 @@ sub findkey {
}
$data->{key} = { 'rsa' => $pubkey,
'timestamp' => $key_timestamp };
- $matched = 1;
+ $data->{current_key_match} = 1;
}
if ($tag != $packet_types->{seckey} &&
@@ -751,7 +753,7 @@ sub findkey {
}
return;
}
- if (!$matched) {
+ if (!$data->{current_key_match}) {
# we don't think the public part of this key matches
if ($readbytes < $packetlen) {
read($instr, $dummy, $packetlen - $readbytes) or die "Could not skip past this packet.\n";
@@ -889,7 +891,9 @@ sub adduserid {
die "The key requested was not found.\n"
}
- if (defined $data->{uid}->{$uid}) {
+ if (defined $data->{uid}->{$uid} &&
+ defined $data->{sigs} &&
+ scalar(@{$data->{sigs}}) > 0 ) {
die "The requested User ID '$uid' is already associated with this key.\n";
}
$args->{key_timestamp} = $data->{key}->{timestamp};