1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

* getkey.c (merge_selfsigs_main, merge_selfsigs_subkey): Make sure

that even after keys may be merged together, we only have one chosen
selfsig.
This commit is contained in:
David Shaw 2005-06-12 20:42:04 +00:00
parent 1594883f2f
commit 6e9b751b79
2 changed files with 18 additions and 7 deletions

View File

@ -1,3 +1,9 @@
2005-06-12 David Shaw <dshaw@jabberwocky.com>
* getkey.c (merge_selfsigs_main, merge_selfsigs_subkey): Make sure
that even after keys may be merged together, we only have one
chosen selfsig.
2005-06-09 David Shaw <dshaw@jabberwocky.com> 2005-06-09 David Shaw <dshaw@jabberwocky.com>
* options.h, import.c (parse_import_options, delete_inv_parts): * options.h, import.c (parse_import_options, delete_inv_parts):

View File

@ -1650,7 +1650,8 @@ merge_selfsigs_main(KBNODE keyblock, int *r_revoked, struct revoke_info *rinfo)
if ( check_key_signature( keyblock, k, NULL ) ) if ( check_key_signature( keyblock, k, NULL ) )
; /* signature did not verify */ ; /* signature did not verify */
else if ( (IS_UID_SIG (sig) || IS_UID_REV (sig)) else if ( (IS_UID_SIG (sig) || IS_UID_REV (sig))
&& sig->timestamp >= sigdate ) { && sig->timestamp >= sigdate )
{
/* Note: we allow to invalidate cert revocations /* Note: we allow to invalidate cert revocations
* by a newer signature. An attacker can't use this * by a newer signature. An attacker can't use this
* because a key should be revoced with a key revocation. * because a key should be revoced with a key revocation.
@ -1662,9 +1663,10 @@ merge_selfsigs_main(KBNODE keyblock, int *r_revoked, struct revoke_info *rinfo)
sigdate = sig->timestamp; sigdate = sig->timestamp;
signode = k; signode = k;
signode->pkt->pkt.signature->flags.chosen_selfsig=0;
if( sig->version > sigversion ) if( sig->version > sigversion )
sigversion = sig->version; sigversion = sig->version;
} }
} }
} }
} }
@ -1941,14 +1943,17 @@ merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode )
* figure out other information like the old expiration * figure out other information like the old expiration
* time */ * time */
} }
else if ( IS_SUBKEY_SIG (sig) && sig->timestamp >= sigdate ) { else if ( IS_SUBKEY_SIG (sig) && sig->timestamp >= sigdate )
{
if(sig->flags.expired) if(sig->flags.expired)
; /* signature has expired - ignore it */ ; /* signature has expired - ignore it */
else { else
{
sigdate = sig->timestamp; sigdate = sig->timestamp;
signode = k; signode = k;
} signode->pkt->pkt.signature->flags.chosen_selfsig=0;
} }
}
} }
} }
} }