Workaround for a crash bug in libgcrypt affecting otr_sesskeys
Passing a private key value of 0 to otr_sesskeys would cause libgcrypt to crash in gcry_mpi_powm. We reported this libgcrypt bug and it was then fixed in http://lists.gnupg.org/pipermail/gcrypt-devel/2013-July/002251.html but the workaround is simply to use gcry_mpi_new(DH1536_MOD_LEN_BITS) instead of gcry_mpi_new(0). Note that this only affected the otr_sesskeys toolkit program, and not libotr itself. Thanks to the Mayhem Team at CMU (Alexandre Rebert, Thanassis Avgerinos, Sang Kil Cha, David Brumley, Manuel Egele) for the report.
Showing with 3 additions and 2 deletions