Gadu-Gadu crash on 2.x.y
Tomasz Wasilczyk
twasilczyk at pidgin.im
Thu Jan 16 06:49:05 EST 2014
I've just checked the Gadu-Gadu prpl in 2.x.y branch and it crashes when
trying to register new account. I'm not sure, if its exploitable, but
its not likely for the user to trigger the crash, since its unintuitive
for user to call it (he have to provide username, even if Gadu-Gadu
automatically generates new one with registration).
Steps to reproduce:
1. open accounts window and add a new account
2. choose Gadu-Gadu protocol, enter any username (may be "0" - as I
mentioned, it's 2.x.y weirdness)
3. check "Create this new account on the server" and click "Add" [crash]
I will commit the fix to private repo, since 2.10.8 release is only few
days away. The fix will be as simple as removing this callback from the
prpl, since it doesn't work anymore (Gadu-Gadu changed the part of
protocol used for account management).
Tomek
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4225 bytes
Desc: Kryptograficzna sygnatura S/MIME
URL: <https://pidgin.im/cgi-bin/mailman/private/security/attachments/20140116/a0cc7566/attachment.bin>
More information about the security
mailing list