From 4e233d779705befcee77a45c57799f429aa371c5 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Mon, 20 Dec 2010 19:35:07 -0500
Subject: keytrans: avoid confusing user IDs across different keys (closes MS #
 2682)

---
 Changelog          |  7 +++++++
 src/share/keytrans | 18 +++++++++++-------
 2 files changed, 18 insertions(+), 7 deletions(-)

diff --git a/Changelog b/Changelog
index 27ccf8f..96a60cf 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,10 @@
+monkeysphere (0.36~pre) unstable; urgency=low
+
+  * keytrans no longer confuses user IDs across different keys (closes MS
+    #2682)
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net>  Mon, 20 Dec 2010 19:31:30 -0500
+
 monkeysphere (0.35) upstream;
 
   * Remove reference to USE_VALIDATION_AGENT.
diff --git a/src/share/keytrans b/src/share/keytrans
index 60eab55..c09f664 100755
--- a/src/share/keytrans
+++ b/src/share/keytrans
@@ -670,9 +670,11 @@ sub findsig {
     return;
   }
 
-  # FIXME: if we get two primary keys on stdin, both with the same
-  # targetd user ID, we'll store signatures from both keys, which is
-  # probably wrong.
+  if ( (!defined($data->{current_key_match})) ||
+       (! $data->{current_key_match})) {
+    # this is not the key in question.
+    return;
+  }
 
   # the current ID is not what we're looking for:
   return if ($data->{current}->{uid} ne $data->{target}->{uid});
@@ -731,7 +733,7 @@ sub findkey {
   my $foundfprstr = Crypt::OpenSSL::Bignum->new_from_bin($foundfpr)->to_hex();
   # left-pad with 0's to bring up to full 40-char (160-bit) fingerprint:
   $foundfprstr = sprintf("%040s", $foundfprstr);
-  my $matched = 0;
+  $data->{current_key_match} = 0;
 
   # is this a match?
   if ((!defined($data->{target}->{fpr})) ||
@@ -741,7 +743,7 @@ sub findkey {
     }
     $data->{key} = { 'rsa' => $pubkey,
 		     'timestamp' => $key_timestamp };
-    $matched = 1;
+    $data->{current_key_match} = 1;
   }
 
   if ($tag != $packet_types->{seckey} &&
@@ -751,7 +753,7 @@ sub findkey {
     }
     return;
   }
-  if (!$matched) {
+  if (!$data->{current_key_match}) {
     # we don't think the public part of this key matches
     if ($readbytes < $packetlen) {
       read($instr, $dummy, $packetlen - $readbytes) or die "Could not skip past this packet.\n";
@@ -889,7 +891,9 @@ sub adduserid {
     die "The key requested was not found.\n"
   }
 
-  if (defined $data->{uid}->{$uid}) {
+  if (defined $data->{uid}->{$uid} &&
+      defined $data->{sigs} &&
+      scalar(@{$data->{sigs}}) > 0 ) {
     die "The requested User ID '$uid' is already associated with this key.\n";
   }
   $args->{key_timestamp} = $data->{key}->{timestamp};
-- 
cgit v1.2.3