keytrans: avoid confusing user IDs across different keys (closes MS # 2682)

1 files changed, 11 insertions, 7 deletions

diff --git a/src/share/keytrans b/src/share/keytrans
index 60eab55..c09f664 100755
--- a/src/share/keytrans
+++ b/src/share/keytrans
@@ -670,9 +670,11 @@ sub findsig {
     return;
   }
 
-  # FIXME: if we get two primary keys on stdin, both with the same
-  # targetd user ID, we'll store signatures from both keys, which is
-  # probably wrong.
+  if ( (!defined($data->{current_key_match})) ||
+       (! $data->{current_key_match})) {
+    # this is not the key in question.
+    return;
+  }
 
   # the current ID is not what we're looking for:
   return if ($data->{current}->{uid} ne $data->{target}->{uid});
@@ -731,7 +733,7 @@ sub findkey {
   my $foundfprstr = Crypt::OpenSSL::Bignum->new_from_bin($foundfpr)->to_hex();
   # left-pad with 0's to bring up to full 40-char (160-bit) fingerprint:
   $foundfprstr = sprintf("%040s", $foundfprstr);
-  my $matched = 0;
+  $data->{current_key_match} = 0;
 
   # is this a match?
   if ((!defined($data->{target}->{fpr})) ||
@@ -741,7 +743,7 @@ sub findkey {
     }
     $data->{key} = { 'rsa' => $pubkey,
 		     'timestamp' => $key_timestamp };
-    $matched = 1;
+    $data->{current_key_match} = 1;
   }
 
   if ($tag != $packet_types->{seckey} &&
@@ -751,7 +753,7 @@ sub findkey {
     }
     return;
   }
-  if (!$matched) {
+  if (!$data->{current_key_match}) {
     # we don't think the public part of this key matches
     if ($readbytes < $packetlen) {
       read($instr, $dummy, $packetlen - $readbytes) or die "Could not skip past this packet.\n";
@@ -889,7 +891,9 @@ sub adduserid {
     die "The key requested was not found.\n"
   }
 
-  if (defined $data->{uid}->{$uid}) {
+  if (defined $data->{uid}->{$uid} &&
+      defined $data->{sigs} &&
+      scalar(@{$data->{sigs}}) > 0 ) {
     die "The requested User ID '$uid' is already associated with this key.\n";
   }
   $args->{key_timestamp} = $data->{key}->{timestamp};