The bug is caused by a wrong sscanf() return value check. The
sscanf() is called with two escapes, but the caller only checks
whether one of those is valid. This patch expands the check to both
values.
--- keys.c.orig 2006-09-16 20:07:30.137499500 +0200
+++ keys.c 2006-09-16 20:07:35.621842250 +0200
@@ -211,7 +211,7 @@
return;
}
- if ( (sscanf(key_len_msg, ": Len %u:%n", &length, &realstart) < 1) ||
+ if ( (sscanf(key_len_msg, ": Len %u:%n", &length, &realstart) < 2) ||
(realstart == 0) ) {
gaim_debug(GAIM_DEBUG_ERROR, "gaim-encryption", "Error in key header\n");
return;
