X-Git-Url: http://the.earth.li/gitweb/?p=onak.git;a=blobdiff_plain;f=cleankey.c;h=3a74098c4683e114ef37421099fc46f67a0ca3a2;hp=51274fe874b25898a1405e006ddd20296deebc9d;hb=00e37c36f214bf9d2e9794d3089e64522a6275a2;hpb=9ae9b738dbb1b0eb7acad93a87228d88a2d39942
diff --git a/cleankey.c b/cleankey.c
index 51274fe..3a74098 100644
--- a/cleankey.c
+++ b/cleankey.c
@@ -141,7 +141,7 @@ int clean_sighashes(struct onak_dbctx *dbctx,
 bool *selfsig, bool *othersig) {
 struct openpgp_packet_list *tmpsig;
- struct openpgp_publickey *sigkey = NULL;
+ struct openpgp_publickey *sigkeys = NULL, *curkey;
 onak_status_t ret;
 uint8_t hashtype;
 uint8_t hash[64];
@@ -198,10 +198,20 @@ int clean_sighashes(struct onak_dbctx *dbctx,
 }
 }
- if (remove && dbctx->fetch_key_id(dbctx, sigid,
- &sigkey, false)) {
+ if (remove) {
+ dbctx->fetch_key_id(dbctx, sigid,
+ &sigkeys, false);
+ }
+
+ /*
+ * A 64 bit collision is probably a sign of something
+ * sneaky happening, but if the signature verifies we
+ * should keep it.
+ */
+ for (curkey = sigkeys; curkey != NULL;
+ curkey = curkey->next) {
- ret = onak_check_hash_sig(sigkey,
+ ret = onak_check_hash_sig(curkey,
 (*sigs)->packet, hash, hashtype);
@@ -211,11 +221,12 @@ int clean_sighashes(struct onak_dbctx *dbctx,
 if (othersig != NULL) {
 *othersig = true;
 }
+ break;
 }
-
- free_publickey(sigkey);
- sigkey = NULL;
 }
+
+ free_publickey(sigkeys);
+ sigkeys = NULL;
 }
 #endif
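Review bot: The new `for (curkey = sigkeys; curkey != NULL; curkey = curkey->next)` loop in the second hunk calls `onak_check_hash_sig()` once per key stored under the same 64-bit id, with no upper bound and no record that a collision was seen, even though the added comment itself treats a collision as suspicious. The verification cost for a single signature therefore scales with however many keys the store holds under that id; consider capping the walk and logging the key id when `sigkeys != NULL && sigkeys->next != NULL`. The return value of `dbctx->fetch_key_id(dbctx, sigid, &sigkeys, false);` is also discarded now, so a failed lookup is indistinguishable from an unknown key. What then happens to `remove` is decided outside this hunk, so it is worth confirming that a backend error cannot cause a valid signature to be dropped.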
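Review bot: In the third hunk `free_publickey(sigkeys);` now runs on every pass of the enclosing loop, including passes where `remove` was false and nothing was fetched, so it depends on `free_publickey()` accepting NULL and on it releasing the whole `next` chain rather than only the head. Neither property is visible here, and the enclosing loop starts outside the hunk. If both hold, a comment above the call would record the assumption, for example `/* frees every key returned for sigid; no-op when sigkeys is NULL */`. If the function frees only the head, every colliding key after the first would leak on each signature processed.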