Hello Rene,
Trying to patch gw/sqlbox.c I got this error, is it an issue?
[r...@kannel gw]# patch -p0 sqlbox.c sql-escape.patch
patching file sqlbox.c
patching file sqlbox.c
Hunk #1 FAILED at 82.
1 out of 1 hunk FAILED -- saving rejects to file sqlbox.c.rej
patching file sqlbox.c
Reversed (or previously applied) patch detected! Assume -R? [n] n
Apply anyway? [n] y
Hunk #1 FAILED at 252.
Hunk #2 FAILED at 269.
Hunk #3 FAILED at 375.
Hunk #4 FAILED at 398.
4 out of 4 hunks FAILED -- saving rejects to file sqlbox.c.rej
[r...@kannel gw]#
[r...@kannel gw]# cat sqlbox.c.rej
Index: sb-config.h.in
--- sb-config.h.in (revision 28)
+++ sb-config.h.in (working copy)
@@ -82,10 +82,6 @@
/* Define to 1 if you have the <unistd.h> header file. */
#undef HAVE_UNISTD_H
-/* Define to the sub-directory in which libtool stores uninstalled
libraries.
- */
-#undef LT_OBJDIR
-
/* Name of package */
#undef PACKAGE
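Review bot: the removal of the LT_OBJDIR block in sb-config.h.in is unrelated to the escaping fix in gw/sqlbox.c and looks like regenerated configure output that slipped into the diff. Drop this file from sql-escape.patch so the patch carries only the sqlbox.c change and does not fail on trees whose sb-config.h.in differs.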
Index: gw/sqlbox.c
--- gw/sqlbox.c (revision 28)
+++ gw/sqlbox.c (working copy)
@@ -252,7 +252,7 @@
static void smsbox_to_bearerbox(void *arg)
{
Boxc *conn = arg;
- Msg *msg;
+ Msg *msg, *msg_escaped;
/* remove messages from socket until it is closed */
while (sqlbox_status != SQL_DEAD && conn->alive) {
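Review bot: msg_escaped is declared at function scope in smsbox_to_bearerbox although it is only needed around the save call, so after msg_destroy it stays reachable as a dangling pointer for the rest of the loop. Declare it inside the block that uses it, and consider a name such as msg_copy, since what msg_duplicate returns is not escaped until gw_sql_save_msg has run on it.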
@@ -269,7 +269,9 @@
if (msg_type(msg) == sms) {
debug("sqlbox", 0, "smsbox_to_bearerbox: sms received");
- gw_sql_save_msg(msg, octstr_imm("MT"));
+ msg_escaped = msg_duplicate(msg);
+ gw_sql_save_msg(msg_escaped, octstr_imm("MT"));
+ msg_destroy(msg_escaped);
}
send_msg(conn->bearerbox_connection, conn, msg);
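Review bot: copying the message at the call site before gw_sql_save_msg(msg_escaped, octstr_imm("MT")) works around the escaping described in this thread but leaves gw_sql_save_msg modifying whatever it is handed, so any other caller that forwards its message afterwards has the same problem. Consider making the copy (or escaping into temporary strings) inside gw_sql_save_msg itself, so that callers can pass msg directly and the function has no side effect on its argument.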
@@ -375,7 +377,7 @@
static void bearerbox_to_smsbox(void *arg)
{
- Msg *msg;
+ Msg *msg, *msg_escaped;
Boxc *conn = arg;
while (sqlbox_status != SQL_DEAD && conn->alive) {
@@ -398,10 +400,12 @@
break;
}
if ((msg_type(msg) == sms) &&
(strcmp(octstr_get_cstr(msg->sms.msgdata),"ACK/") != 0)) {
+ msg_escaped = msg_duplicate(msg);
if (msg->sms.sms_type != report_mo)
- gw_sql_save_msg(msg, octstr_imm("MO"));
+ gw_sql_save_msg(msg_escaped, octstr_imm("MO"));
else
- gw_sql_save_msg(msg, octstr_imm("DLR"));
+ gw_sql_save_msg(msg_escaped, octstr_imm("DLR"));
+ msg_destroy(msg_escaped);
}
send_msg(conn->smsbox_connection, conn, msg);
msg_destroy(msg);
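Review bot: in bearerbox_to_smsbox the branch test still reads msg->sms.sms_type while the save uses msg_escaped, and the duplicate/save/destroy sequence now appears a second time (the hunk at 269 has the same three lines). A small static helper taking the message and the "MO", "DLR" or "MT" tag would keep the workaround in one place and make it harder for a later call site to pass the original msg by mistake.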
[r...@kannel gw]#
Regards,
Emmanuel
2010/6/13 Rene Kluwen <[email protected]>
> msg_duplicate is the normal function from msg.h. No special meaning.
>
> What happens is that gw_sql_save has a side effect. It escapes all text
> strings with a backslash before the "'" sign because it displays them in the
> INSERT INTO... statement in the database.
> When I designed the function I was under the impression that it escaped the
> strings in a copy... But apparently it doesn't.
>
> What happens in the "old" version is that gw_sql_save_msg escapes the
> strings inline and later it does a "send_msg(conn->smsbox_connection, conn,
> msg)" with the same message... which has a backslash in front of the "'".
>
> By duplicating the message before calling the gw_sql_save_msg, this behavior
> is eliminated.
>
> Someone on the mailing list (Tomasz) has already confirmed that the problem
> has been solved with this patch.
>
> == Rene
>
>
>
> -----Original Message-----
> From: Alejandro Guerrieri [mailto:[email protected]]
> Sent: Friday 11 June 2010 23:52
> To: Rene Kluwen
> Cc: 'Tomasz'; 'Kannel list'; [email protected]
> Subject: Re: [PATCH] RE: Messages with php stripslashes
>
> + msg_escaped = msg_duplicate(msg);
> if (msg->sms.sms_type != report_mo)
> - gw_sql_save_msg(msg, octstr_imm("MO"));
> + gw_sql_save_msg(msg_escaped, octstr_imm("MO"));
> else
> - gw_sql_save_msg(msg, octstr_imm("DLR"));
> + gw_sql_save_msg(msg_escaped, octstr_imm("DLR"));
> + msg_destroy(msg_escaped);
>
> and
>
> - gw_sql_save_msg(msg, octstr_imm("MT"));
> + msg_escaped = msg_duplicate(msg);
> + gw_sql_save_msg(msg_escaped, octstr_imm("MT"));
> + msg_destroy(msg_escaped);
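Review bot: nothing next to msg_duplicate(msg) says why a copy is saved instead of msg, and with the name msg_escaped a reader can reasonably assume the duplicate itself does the escaping. A one-line comment above the call stating that gw_sql_save_msg escapes the message strings in place, and that the original must reach send_msg unmodified, would make the intent clear.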
>
> (and other similar lines)
>
> You're duplicating the msg to msg_escaped and then running the same
> gw_sql_save_msg function? What difference does it make?
>
> Or maybe msg_duplicate does some escaping magic I'm not aware of? If
> msg_duplicate does what the name says, I don't see what's changed.
>
> Regards,
>
> Alex
> --
> Alejandro Guerrieri
> [email protected]
>
>
>
> On 11/06/2010, at 23:25, Rene Kluwen wrote:
>
> > Sorry for crossposting. But I think the users are allowed to know what is
> > going on, even if this is a developers matter.
> >
> > I think I found the solution to the problem below, which affects all
> > smsbox->sqlbox->bearerbox users.
> >
> > I must admit: Haven't tested it yet. But it should work.
> >
> > See attached patch. Votes?
> >
> >
> > -----Original Message-----
> > From: [email protected] [mailto:[email protected]] On Behalf Of Tomasz
> > Sent: Friday 11 June 2010 15:10
> > To: Kannel list
> > Subject: Re: Messages with php stripslashes
> >
> > Hi,
> >
> > I've got the same issue - when we send MT message by CGI which
> > contains ' sign, the recipient gets \' (escaped '). When we inject MT
> > directly to MySQL Database, recipient gets only ' sign (valid!).
> >
> > Our configuration is:
> >
> > PHP MT PUSH - SMSBOX - SQLBOX - BEARERBOX - SMSC
> >
> > The problem is caused probably by SQLBOX - somewhere there must be
> > some kind of addslashes function. Escaped sign is being delivered to
> > BEARERBOX. I've tried to find this in source code but I was unable.
> >
> > Has someone fixed this problem yet?
> >
> > Thanks
> > Tomasz
> >
> > In your message dated 24 May 2010 (02:05:22) one can read:
> >
> >> I have posted some weeks ago a similar issue with sqlbox but it is not
> >> resolved for the moment, Alejandro to check on his side to reproduce the
> >> issue.
> >
> >> Check my post in the mailing list archive to see if it is the same problem:
> >
> >> Object: *Quote and backslash issue*
> >
> >> As you, when using CGI interface to send a SMS I got the quote escaped on the
> >> mobile, BUT when using directly SQL injection on sqlbox it works correctly.
> >
> >> Regards,
> >
> >> Emmanuel
> >
> >
> >
> > <sql-escape.patch>
>
>
>
>
>
--
Emmanuel
CHANSON Emmanuel
Mobile Nouvelle-Calédonie: +687.77.35.02
Mobile France: +33 (0) 6.68.03.89.56
@email : [email protected]
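
The side effect Rene describes in the quoted reply, next to a save routine that escapes into a temporary instead, as an added C example (not code from Kannel or from the patch). toy_msg, sql_escape_dup, save_in_place, save_copy, forwarded_after_save and the sms_log table are hypothetical names, and the message text is constructed.

```c
/* Added illustration. toy_msg, sql_escape_dup, save_in_place, save_copy and the
 * sms_log table are hypothetical stand-ins, not Kannel's Msg/Octstr API. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
typedef struct { char *msgdata; } toy_msg;

/* Return a new string with a backslash before every ' and \ in s. */
static char *sql_escape_dup(const char *s) {
    char *out = malloc(2 * strlen(s) + 1), *p = out;
    if (out == NULL) abort();
    for (; *s != '\0'; s++) {
        if (*s == '\'' || *s == '\\') *p++ = '\\';
        *p++ = *s;
    }
    *p = '\0';
    return out;
}

/* Old behaviour described in the thread: the escaped text replaces m's data. */
static void save_in_place(toy_msg *m, char *sql, size_t n) {
    char *esc = sql_escape_dup(m->msgdata);
    free(m->msgdata);
    m->msgdata = esc;   /* side effect: whoever forwards m now sends \' */
    snprintf(sql, n, "INSERT INTO sms_log (msgdata) VALUES ('%s')", m->msgdata);
}

/* Escape into a temporary for the statement only; m is left untouched. */
static void save_copy(const toy_msg *m, char *sql, size_t n) {
    char *esc = sql_escape_dup(m->msgdata);
    snprintf(sql, n, "INSERT INTO sms_log (msgdata) VALUES ('%s')", esc);
    free(esc);
}

/* Save a constructed message, then return the text that would be forwarded. */
static char *forwarded_after_save(const char *text, int in_place, char *sql, size_t n) {
    toy_msg m = { malloc(strlen(text) + 1) };
    if (m.msgdata == NULL) abort();
    strcpy(m.msgdata, text);
    if (in_place) save_in_place(&m, sql, n); else save_copy(&m, sql, n);
    return m.msgdata;   /* caller frees */
}
int main(void) {
    char sql[256];
    char *a = forwarded_after_save("it's ok", 1, sql, sizeof sql);
    char *b = forwarded_after_save("it's ok", 0, sql, sizeof sql);
    printf("in place forwards: %s\ncopy forwards:     %s\nstatement: %s\n", a, b, sql);
    free(a); free(b);
    return 0;
}
```

With a database API that supports bound parameters, the value can be passed unescaped and neither the copy nor the escaping step is needed.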