[svn] GnuPG - r4875 - branches/STABLE-BRANCH-1-4/g10

svn author dshaw cvs at cvs.gnupg.org
Tue Nov 18 18:15:08 CET 2008


Author: dshaw
Date: 2008-11-18 18:15:07 +0100 (Tue, 18 Nov 2008)
New Revision: 4875

Modified:
   branches/STABLE-BRANCH-1-4/g10/ChangeLog
   branches/STABLE-BRANCH-1-4/g10/trustdb.c
Log:
* trustdb.c (validate_one_keyblock): Fix the trust signature
calculations so that we lower the trust depth of signatures to fit
within the current chain, rather than discarding any signature that
does not fit within the trust depth.


Modified: branches/STABLE-BRANCH-1-4/g10/ChangeLog
===================================================================
--- branches/STABLE-BRANCH-1-4/g10/ChangeLog	2008-11-18 17:09:07 UTC (rev 4874)
+++ branches/STABLE-BRANCH-1-4/g10/ChangeLog	2008-11-18 17:15:07 UTC (rev 4875)
@@ -1,3 +1,10 @@
+2008-11-18  David Shaw  <dshaw at jabberwocky.com>
+
+	* trustdb.c (validate_one_keyblock): Fix the trust signature
+	calculations so that we lower the trust depth of signatures to fit
+	within the current chain, rather than discarding any signature
+	that does not fit within the trust depth.
+
 2008-10-03  David Shaw  <dshaw at jabberwocky.com>
 
 	* main.h, mainproc.c (check_sig_and_print),

Modified: branches/STABLE-BRANCH-1-4/g10/trustdb.c
===================================================================
--- branches/STABLE-BRANCH-1-4/g10/trustdb.c	2008-11-18 17:09:07 UTC (rev 4874)
+++ branches/STABLE-BRANCH-1-4/g10/trustdb.c	2008-11-18 17:15:07 UTC (rev 4875)
@@ -1,6 +1,6 @@
 /* trustdb.c
- * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
- *               2007 Free Software Foundation, Inc.
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
+ *               2008 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
  *
@@ -1933,50 +1933,72 @@
 		     (uidnode && check_regexp(kr->trust_regexp,
 					    uidnode->pkt->pkt.user_id->name))))
             {
-	      if(DBG_TRUST && opt.trust_model==TM_PGP && sig->trust_depth)
-		log_debug("trust sig on %s, sig depth is %d, kr depth is %d\n",
-			  uidnode->pkt->pkt.user_id->name,sig->trust_depth,
-			  kr->trust_depth);
-
 	      /* Are we part of a trust sig chain?  We always favor
                  the latest trust sig, rather than the greater or
                  lesser trust sig or value.  I could make a decent
                  argument for any of these cases, but this seems to be
                  what PGP does, and I'd like to be compatible. -dms */
-	      if(opt.trust_model==TM_PGP && sig->trust_depth
-		 && pk->trust_timestamp<=sig->timestamp
-		 && (sig->trust_depth<=kr->trust_depth
-		     || kr->ownertrust==TRUST_ULTIMATE))
+	      if(opt.trust_model==TM_PGP
+		 && sig->trust_depth
+		 && pk->trust_timestamp<=sig->timestamp)
 		{
-		  /* If we got here, we know that:
+		  byte depth;
 
-		     this is a trust sig.
+		  /* If the depth on the signature is less than the
+		     chain currently has, then use the signature depth
+		     so we don't increase the depth beyond what the
+		     signer wanted.  If the depth on the signature is
+		     more than the chain currently has, then use the
+		     chain depth so we use as much of the signature
+		     depth as the chain will permit.  An ultimately
+		     trusted signature can restart the depth to
+		     whatever level it likes. */
 
-		     it's a newer trust sig than any previous trust
-		     sig on this key (not uid).
+		  if(sig->trust_depth<kr->trust_depth
+		     || kr->ownertrust==TRUST_ULTIMATE)
+		    depth=sig->trust_depth;
+		  else
+		    depth=kr->trust_depth;
 
-		     it is legal in that it was either generated by an
-		     ultimate key, or a key that was part of a trust
-		     chain, and the depth does not violate the
-		     original trust sig.
+		  if(depth)
+		    {
+		      if(DBG_TRUST)
+			log_debug("trust sig on %s, sig depth is %d,"
+				  " kr depth is %d\n",
+				  uidnode->pkt->pkt.user_id->name,
+				  sig->trust_depth,
+				  kr->trust_depth);
 
-		     if there is a regexp attached, it matched
-		     successfully.
-		  */
+		      /* If we got here, we know that:
 
-		  if(DBG_TRUST)
-		    log_debug("replacing trust value %d with %d and "
-			      "depth %d with %d\n",
-			      pk->trust_value,sig->trust_value,
-			      pk->trust_depth,sig->trust_depth);
+			 this is a trust sig.
 
-		  pk->trust_value=sig->trust_value;
-		  pk->trust_depth=sig->trust_depth-1;
+			 it's a newer trust sig than any previous trust
+			 sig on this key (not uid).
 
-		  /* If the trust sig contains a regexp, record it
-		     on the pk for the next round. */
-		  if(sig->trust_regexp)
-		    pk->trust_regexp=sig->trust_regexp;
+			 it is legal in that it was either generated by an
+			 ultimate key, or a key that was part of a trust
+			 chain, and the depth does not violate the
+			 original trust sig.
+
+			 if there is a regexp attached, it matched
+			 successfully.
+		      */
+
+		      if(DBG_TRUST)
+			log_debug("replacing trust value %d with %d and "
+				  "depth %d with %d\n",
+				  pk->trust_value,sig->trust_value,
+				  pk->trust_depth,depth);
+
+		      pk->trust_value=sig->trust_value;
+		      pk->trust_depth=depth-1;
+
+		      /* If the trust sig contains a regexp, record it
+			 on the pk for the next round. */
+		      if(sig->trust_regexp)
+			pk->trust_regexp=sig->trust_regexp;
+		    }
 		}
 
               if (kr->ownertrust == TRUST_ULTIMATE)
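Review bot: The `if(depth)` test silently drops a trust signature when the signing key is not ultimately trusted and has no chain depth left (`kr->trust_depth` is 0), and because the first `log_debug` now sits inside that test, DBG_TRUST output no longer mentions such a signature at all. This zero case is the check that stops a key outside any trust chain from delegating trust, so it deserves a comment above `if(depth)`, for example `/* depth is 0 only when kr is not ultimately trusted and has no trust depth left; ignore the trust sig */`, plus a trace such as `else if(DBG_TRUST) log_debug("ignoring trust sig, kr depth is %d\n",kr->trust_depth);`. Separately, the moved `log_debug` reads `uidnode->pkt->pkt.user_id->name` without the `uidnode &&` guard used in the condition at the top of the hunk. That condition begins outside the hunk, so whether `uidnode` can be NULL here should be confirmed against the full `validate_one_keyblock` body, which also starts and ends outside the hunk.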



