Gadu-Gadu crash on 2.x.y

Tomasz Wasilczyk twasilczyk at
Thu Jan 16 06:49:05 EST 2014

I've just checked the Gadu-Gadu prpl in 2.x.y branch and it crashes when 
trying to register new account. I'm not sure, if its exploitable, but 
its not likely for the user to trigger the crash, since its unintuitive 
for user to call it (he have to provide username, even if Gadu-Gadu 
automatically generates new one with registration).

Steps to reproduce:
1. open accounts window and add a new account
2. choose Gadu-Gadu protocol, enter any username (may be "0" - as I 
mentioned, it's 2.x.y weirdness)
3. check "Create this new account on the server" and click "Add" [crash]

I will commit the fix to private repo, since 2.10.8 release is only few 
days away. The fix will be as simple as removing this callback from the 
prpl, since it doesn't work anymore (Gadu-Gadu changed the part of 
protocol used for account management).


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4225 bytes
Desc: Kryptograficzna sygnatura S/MIME
URL: <>

More information about the security mailing list