1 files changed, 36 insertions, 9 deletions

diff --git a/g10/mainproc.c b/g10/mainproc.c
index faefacb10..52c0092d5 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -98,10 +98,9 @@ struct mainproc_context
 
 
 static int do_proc_packets( CTX c, IOBUF a );
-
 static void list_node( CTX c, KBNODE node );
 static void proc_tree( CTX c, KBNODE node );
-
+static int literals_seen;
 
 static void
 release_list( CTX c )
@@ -596,6 +595,8 @@ proc_plaintext( CTX c, PACKET *pkt )
     int any, clearsig, only_md5, rc;
     KBNODE n;
 
+    literals_seen++;
+
     if( pt->namelen == 8 && !memcmp( pt->name, "_CONSOLE", 8 ) )
 	log_info(_("NOTE: sender requested \"for-your-eyes-only\"\n"));
     else if( opt.verbose )
@@ -683,12 +684,29 @@ proc_plaintext( CTX c, PACKET *pkt )
 	    gcry_md_start_debug ( c->mfx.md2, "verify2" );
     }
 
-    rc = handle_plaintext( pt, &c->mfx, c->sigs_only, clearsig );
-    if ( gpg_err_code (rc) == GPG_ERR_EACCES && !c->sigs_only ) 
+    rc=0;
+
+    if (literals_seen>1)
       {
-        /* Can't write output but we hash it anyway to check the
-           signature. */
-        rc = handle_plaintext( pt, &c->mfx, 1, clearsig );
+	log_info (_("WARNING: multiple plaintexts seen\n"));
+
+	if (!opt.flags.allow_multiple_messages)
+	  {
+            write_status_text (STATUS_ERROR, "proc_pkt.plaintext 89_BAD_DATA");
+	    log_inc_errorcount ();
+	    rc = gpg_error (GPG_ERR_UNEXPECTED); 
+	  }
+      }
+    
+    if(!rc)
+      {
+        rc = handle_plaintext( pt, &c->mfx, c->sigs_only, clearsig );
+        if ( gpg_err_code (rc) == GPG_ERR_EACCES && !c->sigs_only ) 
+          {
+            /* Can't write output but we hash it anyway to check the
+               signature. */
+            rc = handle_plaintext( pt, &c->mfx, 1, clearsig );
+          }
       }
 
     if( rc )
@@ -1512,8 +1530,17 @@ check_sig_and_print( CTX c, KBNODE node )
           n_sig++;
         if (!n_sig)
           goto ambiguous;
-        if (n && !opt.allow_multisig_verification)
-          goto ambiguous;
+
+	/* If we wanted to disallow multiple sig verification, we'd do
+	   something like this:
+
+	   if (n && !opt.allow_multisig_verification)
+             goto ambiguous;
+
+	   However, now that we have --allow-multiple-messages, this
+	   can stay allowable as we can't get here unless multiple
+	   messages (i.e. multiple literals) are allowed. */
+
         if (n_onepass != n_sig)
           {
             log_info ("number of one-pass packets does not match "