From 9d76ee5147cdcd250efd469f88a5f89a45e020b6 Mon Sep 17 00:00:00 2001
From: David Shaw <dshaw@jabberwocky.com>
Date: Tue, 18 Nov 2008 17:15:07 +0000
Subject: [PATCH] * trustdb.c (validate_one_keyblock): Fix the trust signature
 calculations so that we lower the trust depth of signatures to fit within the
 current chain, rather than discarding any signature that does not fit within
 the trust depth.

---
 g10/ChangeLog |  7 ++++
 g10/trustdb.c | 88 ++++++++++++++++++++++++++++++++-------------------
 2 files changed, 62 insertions(+), 33 deletions(-)

diff --git a/g10/ChangeLog b/g10/ChangeLog
index 439333294..3747350d2 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,10 @@
+2008-11-18  David Shaw  <dshaw@jabberwocky.com>
+
+	* trustdb.c (validate_one_keyblock): Fix the trust signature
+	calculations so that we lower the trust depth of signatures to fit
+	within the current chain, rather than discarding any signature
+	that does not fit within the trust depth.
+
 2008-10-03  David Shaw  <dshaw@jabberwocky.com>
 
 	* main.h, mainproc.c (check_sig_and_print),
diff --git a/g10/trustdb.c b/g10/trustdb.c
index 10f82ef97..57684590a 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -1,6 +1,6 @@
 /* trustdb.c
- * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
- *               2007 Free Software Foundation, Inc.
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
+ *               2008 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
  *
@@ -1933,50 +1933,72 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
 		     (uidnode && check_regexp(kr->trust_regexp,
 					    uidnode->pkt->pkt.user_id->name))))
             {
-	      if(DBG_TRUST && opt.trust_model==TM_PGP && sig->trust_depth)
-		log_debug("trust sig on %s, sig depth is %d, kr depth is %d\n",
-			  uidnode->pkt->pkt.user_id->name,sig->trust_depth,
-			  kr->trust_depth);
-
 	      /* Are we part of a trust sig chain?  We always favor
                  the latest trust sig, rather than the greater or
                  lesser trust sig or value.  I could make a decent
                  argument for any of these cases, but this seems to be
                  what PGP does, and I'd like to be compatible. -dms */
-	      if(opt.trust_model==TM_PGP && sig->trust_depth
-		 && pk->trust_timestamp<=sig->timestamp
-		 && (sig->trust_depth<=kr->trust_depth
-		     || kr->ownertrust==TRUST_ULTIMATE))
+	      if(opt.trust_model==TM_PGP
+		 && sig->trust_depth
+		 && pk->trust_timestamp<=sig->timestamp)
 		{
-		  /* If we got here, we know that:
+		  byte depth;
 
-		     this is a trust sig.
+		  /* If the depth on the signature is less than the
+		     chain currently has, then use the signature depth
+		     so we don't increase the depth beyond what the
+		     signer wanted.  If the depth on the signature is
+		     more than the chain currently has, then use the
+		     chain depth so we use as much of the signature
+		     depth as the chain will permit.  An ultimately
+		     trusted signature can restart the depth to
+		     whatever level it likes. */
 
-		     it's a newer trust sig than any previous trust
-		     sig on this key (not uid).
+		  if(sig->trust_depth<kr->trust_depth
+		     || kr->ownertrust==TRUST_ULTIMATE)
+		    depth=sig->trust_depth;
+		  else
+		    depth=kr->trust_depth;
 
-		     it is legal in that it was either generated by an
-		     ultimate key, or a key that was part of a trust
-		     chain, and the depth does not violate the
-		     original trust sig.
+		  if(depth)
+		    {
+		      if(DBG_TRUST)
+			log_debug("trust sig on %s, sig depth is %d,"
+				  " kr depth is %d\n",
+				  uidnode->pkt->pkt.user_id->name,
+				  sig->trust_depth,
+				  kr->trust_depth);
 
-		     if there is a regexp attached, it matched
-		     successfully.
-		  */
+		      /* If we got here, we know that:
 
-		  if(DBG_TRUST)
-		    log_debug("replacing trust value %d with %d and "
-			      "depth %d with %d\n",
-			      pk->trust_value,sig->trust_value,
-			      pk->trust_depth,sig->trust_depth);
+			 this is a trust sig.
 
-		  pk->trust_value=sig->trust_value;
-		  pk->trust_depth=sig->trust_depth-1;
+			 it's a newer trust sig than any previous trust
+			 sig on this key (not uid).
 
-		  /* If the trust sig contains a regexp, record it
-		     on the pk for the next round. */
-		  if(sig->trust_regexp)
-		    pk->trust_regexp=sig->trust_regexp;
+			 it is legal in that it was either generated by an
+			 ultimate key, or a key that was part of a trust
+			 chain, and the depth does not violate the
+			 original trust sig.
+
+			 if there is a regexp attached, it matched
+			 successfully.
+		      */
+
+		      if(DBG_TRUST)
+			log_debug("replacing trust value %d with %d and "
+				  "depth %d with %d\n",
+				  pk->trust_value,sig->trust_value,
+				  pk->trust_depth,depth);
+
+		      pk->trust_value=sig->trust_value;
+		      pk->trust_depth=depth-1;
+
+		      /* If the trust sig contains a regexp, record it
+			 on the pk for the next round. */
+		      if(sig->trust_regexp)
+			pk->trust_regexp=sig->trust_regexp;
+		    }
 		}
 
               if (kr->ownertrust == TRUST_ULTIMATE)