author | Daniel Kahn Gillmor <dkg@fifthhorseman.net> | 2010-12-20 19:35:07 -0500 |
---|---|---|
committer | Daniel Kahn Gillmor <dkg@fifthhorseman.net> | 2010-12-20 19:35:07 -0500 |
commit | 4e233d779705befcee77a45c57799f429aa371c5 (patch) | |
tree | 8e017a7e702993926e8cb92822668cef7181e634 /src/share/keytrans | |
parent | e03138491af7bc0aa9c9387339689ebd9c685f65 (diff) |
keytrans: avoid confusing user IDs across different keys (closes MS # 2682)
Diffstat (limited to 'src/share/keytrans')
-rwxr-xr-x | src/share/keytrans | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/src/share/keytrans b/src/share/keytrans index 60eab55..c09f664 100755 --- a/src/share/keytrans +++ b/src/share/keytrans @@ -670,9 +670,11 @@ sub findsig { return; } - # FIXME: if we get two primary keys on stdin, both with the same - # targetd user ID, we'll store signatures from both keys, which is - # probably wrong. + if ( (!defined($data->{current_key_match})) || + (! $data->{current_key_match})) { + # this is not the key in question. + return; + } # the current ID is not what we're looking for: return if ($data->{current}->{uid} ne $data->{target}->{uid}); @@ -731,7 +733,7 @@ sub findkey { my $foundfprstr = Crypt::OpenSSL::Bignum->new_from_bin($foundfpr)->to_hex(); # left-pad with 0's to bring up to full 40-char (160-bit) fingerprint: $foundfprstr = sprintf("%040s", $foundfprstr); - my $matched = 0; + $data->{current_key_match} = 0; # is this a match? if ((!defined($data->{target}->{fpr})) || @@ -741,7 +743,7 @@ sub findkey { } $data->{key} = { 'rsa' => $pubkey, 'timestamp' => $key_timestamp }; - $matched = 1; + $data->{current_key_match} = 1; } if ($tag != $packet_types->{seckey} && @@ -751,7 +753,7 @@ sub findkey { } return; } - if (!$matched) { + if (!$data->{current_key_match}) { # we don't think the public part of this key matches if ($readbytes < $packetlen) { read($instr, $dummy, $packetlen - $readbytes) or die "Could not skip past this packet.\n"; @@ -889,7 +891,9 @@ sub adduserid { die "The key requested was not found.\n" } - if (defined $data->{uid}->{$uid}) { + if (defined $data->{uid}->{$uid} && + defined $data->{sigs} && + scalar(@{$data->{sigs}}) > 0 ) { die "The requested User ID '$uid' is already associated with this key.\n"; } $args->{key_timestamp} = $data->{key}->{timestamp}; |
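Review bot: The new guard in findsig is written as a two-part test, but the `!defined(...)` half is redundant because `!` applied to an undefined value is already true. `return unless $data->{current_key_match};` expresses the same check in one line and keeps the existing `# this is not the key in question.` comment meaningful. The guard is only as good as the flag's upkeep in findkey, so a short comment naming findkey as the place where `current_key_match` is set would help the next reader. findsig's body starts and ends outside the hunk.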
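Review bot: The reset `$data->{current_key_match} = 0;` in findkey happens only after the fingerprint of the current packet has been computed, so any return path earlier in the sub would leave the flag at 1 from a previously matched key. The start of findkey is outside the hunk, so whether such an early exit exists (for instance for a key version or algorithm the parser does not handle) cannot be confirmed from here. If it does, findsig would accept signatures that follow a key packet which was never compared against the target fingerprint. Making the reset the first statement of findkey would let the flag fail closed; it is also worth confirming how the flag should behave if findkey is invoked for subkey packets.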
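Review bot: The duplicate check in adduserid now depends on `$data->{sigs}` being non-empty, so a user ID that is present on the target key but for which findsig collected no signature is no longer rejected and would presumably be added a second time. `$data->{sigs}` also does not look keyed by user ID in the visible lines, so the condition relies on findsig having filtered for both the matching key and the target ID. If that is the intent, say so at the test, e.g. `# $data->{uid} may hold IDs seen on other keys in the stream; only sigs collected by findsig show the ID is bound to this key`. adduserid's body starts outside the hunk.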