From 2f7d6ce43e557cf040fbc9e67a655fbfc6096e0c Mon Sep 17 00:00:00 2001
From: Ian Young <ian@iay.org.uk>
Date: Mon, 14 Dec 2009 10:50:43 +0000
Subject: [PATCH] don't process duplicate blobs in check_embedded
 http://bugzilla.iay.org.uk/show_bug.cgi?id=691

---
 build/check_embedded.pl | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/build/check_embedded.pl b/build/check_embedded.pl
index 84ace9b8..e10bc730 100755
--- a/build/check_embedded.pl
+++ b/build/check_embedded.pl
@@ -58,6 +58,20 @@ sub comment {
 	$quiet = 1 if $arg eq '-q';
 }
 
+#
+# Hash of already-seen blobs.
+#
+# Each entry in the hash is indexed by the blob itself.  Each blob is a concatenated
+# sequence of information that uniquely identifies an already checked key.  This is
+# used to avoid processing the same blob more than once.
+#
+my %blobs;
+
+#
+# Blob currently being constructed.
+#
+my $blob;
+
 while (<>) {
 
 	#
@@ -86,6 +100,7 @@ sub comment {
 			$oline .= "has no KeyName";
 		}
 		push(@olines, $oline);
+		$blob = $oline;		# start building a new blob
 
 		#
 		# Create a temporary file for this certificate in PEM format.
@@ -102,12 +117,28 @@ sub comment {
 	# Put other lines into a temporary file.
 	#
 	print $fh $_;
+	$blob .= '|' . $_;
 	
 	#
 	# If this is the last line of the certificate, actually do
 	# something with it.
 	#
 	if (/END CERTIFICATE/) {
+		#
+		# Have we seen this blob before?  If so, close (and delete) the
+		# temporary file, and go and look for a new certificate to process.
+		#
+		if (defined($blobs{$blob})) {
+			# print "skipping a blob\n";
+			close SSL;
+			next;
+		}
+		
+		#
+		# Otherwise, remember this blob so that we won't process it again.
+		#
+		$blobs{$blob} = 1;
+
 		#
 		# Don't close the temporary file yet, because that would cause it
 		# to be deleted.  We've already arranged for buffering to be