* options.skel: keyserver.pgp.com is gone, so list pgp.surfnet.nl as a

sample LDAP server instead. * getkey.c (merge_selfsigs_main): Properly handle multiple revocation keys in a single packet. Properly handle revocation keys that are in out-of-order packets. Remove duplicates in revocation key list.
2024-11-05 20:48:52 +01:00 · 2002-05-15 13:15:27 +00:00 · 2002-05-15 13:15:27 +00:00 · fcfc223dbb
commit fcfc223dbb
parent ab53833530
3 changed files with 69 additions and 29 deletions
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@ -1,3 +1,13 @@
+2002-05-15  David Shaw  <dshaw@jabberwocky.com>
+
+	* options.skel: keyserver.pgp.com is gone, so list pgp.surfnet.nl
+	as a sample LDAP server instead.
+
+	* getkey.c (merge_selfsigs_main): Properly handle multiple
+	revocation keys in a single packet.  Properly handle revocation
+	keys that are in out-of-order packets.  Remove duplicates in
+	revocation key list.
+
 2002-05-14  Timo Schulz   <ts@winpt.org>

 	* exec.c (make_tempdir) [MINGW32]: Added missing '\'.
--- a/g10/getkey.c
+++ b/g10/getkey.c
@ -1219,7 +1219,28 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
                     */ 
                    *r_revoked = 1;
                }
-                else if ( IS_KEY_SIG (sig) && sig->timestamp >= sigdate ) {
+                else if ( IS_KEY_SIG (sig) ) {
+		  /* Add any revocation keys onto the pk.  This is
+		     particularly interesting since we normally only
+		     get data from the most recent 1F signature, but
+		     you need multiple 1F sigs to properly handle
+		     revocation keys (PGP does it this way, and a
+		     revocation key could be sensitive and hence in a
+		     different signature). */
+		  if(sig->revkey) {
+		    int i;
+
+		    pk->revkey=
+		      m_realloc(pk->revkey,sizeof(struct revocation_key)*
+				(pk->numrevkeys+sig->numrevkeys));
+
+		    for(i=0;i<sig->numrevkeys;i++)
+		      memcpy(&pk->revkey[pk->numrevkeys++],
+			     sig->revkey[i],
+			     sizeof(struct revocation_key));
+		  }
+
+		  if( sig->timestamp >= sigdate ) {
                    const byte *p;
                    
                    p = parse_sig_subpkt( sig->hashed,
@ -1231,32 +1252,41 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
                        signode = k;
 			sigversion = sig->version;

-			/* Add any revocation keys onto the pk.  This
-                           is particularly interesting since we
-                           normally only get data from the most recent
-                           1F signature, but you need multiple 1F sigs
-                           to properly handle revocation keys (PGP
-                           does it this way, and a revocation key
-                           could be sensitive and hence in a different
-                           signature). */
-			if(sig->revkey) {
-			  int i;
+		    }
+		  }
+                }
+            }
+        }
+    }

-			  pk->revkey=
-			    m_realloc(pk->revkey,sizeof(struct revocation_key)*
-				      (pk->numrevkeys+sig->numrevkeys));
+    /* Remove dupes from the revocation keys */

-			  for(i=0;i<sig->numrevkeys;i++)
-			    memcpy(&pk->revkey[pk->numrevkeys],
-				   sig->revkey[i],
-				   sizeof(struct revocation_key));
+    if(pk->revkey)
+      {
+	int i,j,x,changed=0;

-			  pk->numrevkeys+=sig->numrevkeys;
-			}
-                    }
+	for(i=0;i<pk->numrevkeys;i++)
+	  {
+	    for(j=i+1;j<pk->numrevkeys;j++)
+	      {
+		if(memcmp(&pk->revkey[i],&pk->revkey[j],
+			  sizeof(struct revocation_key))==0)
+		  {
+		    /* remove j */
+
+		    for(x=j;x<pk->numrevkeys-1;x++)
+		      pk->revkey[x]=pk->revkey[x+1];
+
+		    pk->numrevkeys--;
+		    j--;
+		    changed=1;
 		  }
 	      }
 	  }
+
+	if(changed)
+	  pk->revkey=m_realloc(pk->revkey,
+			       pk->numrevkeys*sizeof(struct revocation_key));
      }

    if ( signode ) {
--- a/g10/options.skel
+++ b/g10/options.skel
@ -91,7 +91,7 @@ lock-once
 #      mailto:pgp-public-keys@keys.nl.pgp.net
 #
 # Example LDAP keyserver:
-#      ldap://keyserver.pgp.com
+#      ldap://pgp.surfnet.nl:11370
 #
 # Regular URL syntax applies, and you can set an alternate port
 # through the usual method:
@ -109,7 +109,7 @@ lock-once

 #keyserver x-hkp://keyserver.cryptnet.net
 #keyserver mailto:pgp-public-keys@keys.nl.pgp.net
-#keyserver ldap://keyserver.pgp.com
+#keyserver ldap://pgp.surfnet.nl:11370

 # Options for keyserver functions
 #
@ -155,9 +155,9 @@ lock-once
 # %% is %, of course.
 #
 # If %i or %I are not present, then the photo is supplied to the
-# viewer on standard input.  Standard input is the best way to do
-# this, as it avoids the time and effort in generating and then
-# cleaning up a secure temp file.
+# viewer on standard input.  If your platform supports it, standard
+# input is the best way to do this as it avoids the time and effort in
+# generating and then cleaning up a secure temp file.
 #
 # The default program is "xloadimage -fork -quiet -title 'KeyID 0x%k' stdin"
 #