Using "Assume -R" equal to yes it seems the patch is not applied (I checked
the sqlbox.c file after and no occurrence of msg_escaped for instance).

Alex, where to download the latest version of sqlbox? The one I got was
from your website.
BTW I tried to apply the patch on the original source I have kept
(sqlbox-0.7.2.tar.gz) but I got the same error.

BR,

Emmanuel

2010/6/14 Tomasz <ad...@impexrur.pl>

> Hi,
>
> Try to use -R option with path or press "y" when "Assume -R? [n]"
> displays.
>
> Regards,
> Tomasz
>
> In your letter dated 14 June 2010 (11:46:40) one can read:
>
> > Hello Rene,
>
> > Trying to patch gw/sqlbox.c I got this error, is it an issue?
>
> > [r...@kannel gw]# patch -p0 sqlbox.c sql-escape.patch
> > patching file sqlbox.c
> > patching file sqlbox.c
> > Hunk #1 FAILED at 82.
> > 1 out of 1 hunk FAILED -- saving rejects to file sqlbox.c.rej
> > patching file sqlbox.c
> > Reversed (or previously applied) patch detected!  Assume -R? [n] n
> > Apply anyway? [n] y
> > Hunk #1 FAILED at 252.
> > Hunk #2 FAILED at 269.
> > Hunk #3 FAILED at 375.
> > Hunk #4 FAILED at 398.
> > 4 out of 4 hunks FAILED -- saving rejects to file sqlbox.c.rej
> > [r...@kannel gw]#
>
>
>
>
> > [r...@kannel gw]# cat sqlbox.c.rej
> > Index: sb-config.h.in
> > --- sb-config.h.in (revision 28)
> > +++ sb-config.h.in (working copy)
> > @@ -82,10 +82,6 @@
> >  /* Define to 1 if you have the <unistd.h> header file. */
> >  #undef HAVE_UNISTD_H
>
> > -/* Define to the sub-directory in which libtool stores uninstalled
> > libraries.
> > -   */
> > -#undef LT_OBJDIR
> > -
> >  /* Name of package */
> >  #undef PACKAGE
>
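Review bot: the sb-config.h.in hunk at -82,10 removes the LT_OBJDIR block, which has nothing to do with the message escaping this patch is about. Drop it from sql-escape.patch so the patch only touches gw/sqlbox.c; it is also the first hunk reported as FAILED in the transcript above.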
> > Index: gw/sqlbox.c
> > --- gw/sqlbox.c (revision 28)
> > +++ gw/sqlbox.c (working copy)
> > @@ -252,7 +252,7 @@
> >  static void smsbox_to_bearerbox(void *arg)
> >  {
> >      Boxc *conn = arg;
> > -    Msg *msg;
> > +    Msg *msg, *msg_escaped;
>
> >      /* remove messages from socket until it is closed */
> >      while (sqlbox_status != SQL_DEAD && conn->alive) {
> > @@ -269,7 +269,9 @@
> >          if (msg_type(msg) == sms) {
> >              debug("sqlbox", 0, "smsbox_to_bearerbox: sms received");
>
> > -            gw_sql_save_msg(msg, octstr_imm("MT"));
> > +           msg_escaped = msg_duplicate(msg);
> > +            gw_sql_save_msg(msg_escaped, octstr_imm("MT"));
> > +           msg_destroy(msg_escaped);
> >          }
>
> >          send_msg(conn->bearerbox_connection, conn, msg);
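Review bot: the copy made before gw_sql_save_msg(msg_escaped, ...) has no comment saying why it is needed, and on its face it looks redundant. Add a line above msg_duplicate(msg) noting that gw_sql_save_msg escapes the message strings in place, so the original must stay untouched for the send_msg() that follows. The name msg_escaped is also misleading at the point of assignment, since the copy is not escaped until the save call; msg_copy or similar would read better. The cleaner fix is to have gw_sql_save_msg escape its own copy, so callers cannot forget this.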
> > @@ -375,7 +377,7 @@
>
> >  static void bearerbox_to_smsbox(void *arg)
> >  {
> > -    Msg *msg;
> > +    Msg *msg, *msg_escaped;
> >      Boxc *conn = arg;
>
> >      while (sqlbox_status != SQL_DEAD && conn->alive) {
> > @@ -398,10 +400,12 @@
> >          break;
> >      }
> >      if ((msg_type(msg) == sms) &&
> > (strcmp(octstr_get_cstr(msg->sms.msgdata),"ACK/") != 0)) {
> > +       msg_escaped = msg_duplicate(msg);
> >          if (msg->sms.sms_type != report_mo)
> > -            gw_sql_save_msg(msg, octstr_imm("MO"));
> > +            gw_sql_save_msg(msg_escaped, octstr_imm("MO"));
> >          else
> > -            gw_sql_save_msg(msg, octstr_imm("DLR"));
> > +            gw_sql_save_msg(msg_escaped, octstr_imm("DLR"));
> > +       msg_destroy(msg_escaped);
> >      }
> >      send_msg(conn->smsbox_connection, conn, msg);
> >          msg_destroy(msg);
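Review bot: the added msg_duplicate(msg) and msg_destroy(msg_escaped) lines are indented one column short of the neighbouring if/else lines, which suggests mixed tabs and spaces; the -269 hunk has the same problem. Re-indent them to match the file. The two gw_sql_save_msg(msg_escaped, ...) calls also differ only in the table tag, so picking "MO" or "DLR" first and making a single save call would keep the duplicate, save and destroy steps visibly together.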
> > [r...@kannel gw]#
>
> > Regards,
>
> > Emmanuel
>
>
>
> > 2010/6/13 Rene Kluwen <rene.klu...@chimit.nl>
>
> >> msg_duplicate is the normal function from msg.h. No special meaning.
> >>
> >> What happens is that gw_sql_save has a side effect. It escapes all text
> >> strings with a backslash before the "'" sign because it displays them in
> >> the
> >> INSERT INTO... statement in the database.
> >> When I designed the function I was under the impression that it escaped
> the
> >> strings in a copy... But apparently it doesn't.
> >>
> >> What happens in the "old" version is that gw_sql_save_msg escapes the
> >> strings inline and later it does a "send_msg(conn->smsbox_connection,
> conn,
> >> msg)" with the same message... which has a backslash in front of the
> "'".
> >>
> >> By duplicating the message before calling the gw_sql_save_msg, this
> >> behavior
> >> is eliminated.
> >>
> >> Someone on the mailinglist (Tomasz) has already confirmed that the
> problem
> >> has been solved with this patch.
> >>
> >> == Rene
> >>
> >>
> >>
> >> -----Original Message-----
> >> From: Alejandro Guerrieri [mailto:aguerri...@kannel.org]
> >> Sent: Friday, 11 June 2010 23:52
> >> To: Rene Kluwen
> >> Cc: 'Tomasz'; 'Kannel list'; de...@kannel.org
> >> Subject: Re: [PATCH] RE: Messages with php stripslashes
> >>
> >> +       msg_escaped = msg_duplicate(msg);
> >>         if (msg->sms.sms_type != report_mo)
> >> -            gw_sql_save_msg(msg, octstr_imm("MO"));
> >> +            gw_sql_save_msg(msg_escaped, octstr_imm("MO"));
> >>         else
> >> -            gw_sql_save_msg(msg, octstr_imm("DLR"));
> >> +            gw_sql_save_msg(msg_escaped, octstr_imm("DLR"));
> >> +       msg_destroy(msg_escaped);
> >>
> >> and
> >>
> >> -            gw_sql_save_msg(msg, octstr_imm("MT"));
> >> +           msg_escaped = msg_duplicate(msg);
> >> +            gw_sql_save_msg(msg_escaped, octstr_imm("MT"));
> >> +           msg_destroy(msg_escaped);
> >>
> >> (and other similar lines)
> >>
> >> You're duplicating the msg to msg_escaped and then running the same
> >> gw_sql_save_msg function? What difference does it make?
> >>
> >> Or maybe msg_duplicate does some escaping magic I'm not aware of? If
> >> msg_duplicate does what the name says, I don't see what's changed.
> >>
> >> Regards,
> >>
> >> Alex
> >> --
> >> Alejandro Guerrieri
> >> aguerri...@kannel.org
> >>
> >>
> >>
> >> On 11/06/2010, at 23:25, Rene Kluwen wrote:
> >>
> >> > Sorry for crossposting. But I think the users are allowed to know what
> is
> >> > going on, even if this is a developers matter.
> >> >
> >> > I think I found the solution to the problem below, which affects all
> >> > smsbox->sqlbox->bearerbox users.
> >> >
> >> > I must admit: Haven't tested it yet. But it should work.
> >> >
> >> > See attached patch. Votes?
> >> >
> >> >
> >> > -----Original Message-----
> >> > From: users-boun...@kannel.org [mailto:users-boun...@kannel.org] On
> >> Behalf
> >> > Of Tomasz
> >> > Sent: Friday, 11 June 2010 15:10
> >> > To: Kannel list
> >> > Subject: Re: Messages with php stripslashes
> >> >
> >> > Hi,
> >> >
> >> > I've got the same issue - when we send MT message by CGI which
> >> > contains ' sign, the recipient gets \' (escaped '). When we inject MT
> >> > directly to MySQL Database, recipient gets only ' sign (valid!).
> >> >
> >> > Our configuration is:
> >> >
> >> > PHP MT PUSH  - SMSBOX - SQLBOX - BEARERBOX - SMSC
> >> >
> >> > The problem is caused probably by SQLBOX - somewhere there must be
> >> > some kind of addslashes function. Escaped sign is being delivered to
> >> > BEARERBOX. I've tried to find this in the source code but I was unable.
> >> >
> >> > Has someone fixed this problem yet?
> >> >
> >> > Thanks
> >> > Tomasz
> >> >
> >> > In your letter dated 24 May 2010 (02:05:22) one can read:
> >> >
> >> >> I have posted some weeks ago a similar issue with sqlbox but it is
> not
> >> >> resolved for the moment, Alejandro to check on his side to reproduce
> the
> >> >> issue.
> >> >
> >> >> Check my post in the mailing list archive to see if it is the same
> >> problem:
> >> >
> >> >> Object: *Quote and backslash issue*
> >> >
> >> >> As you when using CGI interface to send a SMS I got the quote escaped
> on
> >> > the
> >> >> mobile, BUT when using directly SQL injection on sqlbox it works
> >> > correctly.
> >> >
> >> >> Regards,
> >> >
> >> >> Emmanuel
> >> >
> >> >
> >> >
> >> > <sql-escape.patch>
>
>
>


-- 
Emmanuel

CHANSON Emmanuel
Mobile Nouvelle-Calédonie: +687.77.35.02
Mobile France: +33 (0) 6.68.03.89.56
@email : emmanuelchan...@gmail.com
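
The side effect Rene describes in the quoted thread, reduced to a toy model. This is an added example, not code from sqlbox or from anyone in the thread; ToyMsg, toy_save, forwarded_text and toy_table are made-up names, and allocation failures are not handled.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a gateway message; not Kannel's Msg type. */
typedef struct { char *text; } ToyMsg;

static char *copy_str(const char *s) {
    return strcpy(malloc(strlen(s) + 1), s);
}
static ToyMsg *toy_new(const char *s) {
    ToyMsg *m = malloc(sizeof *m);
    m->text = copy_str(s);
    return m;
}
static void toy_destroy(ToyMsg *m) { free(m->text); free(m); }

/* Models the side effect described in the thread: the save routine
 * rewrites the message's own text, adding a backslash before each '. */
static void toy_save(ToyMsg *m, char *sql, size_t n) {
    size_t j = 0;
    char *esc = malloc(2 * strlen(m->text) + 1);
    for (const char *p = m->text; *p; p++) {
        if (*p == '\'') esc[j++] = '\\';
        esc[j++] = *p;
    }
    esc[j] = '\0';
    free(m->text);
    m->text = esc;  /* the caller's message is now modified */
    snprintf(sql, n, "INSERT INTO toy_table (msgdata) VALUES ('%s')", esc);
}

/* Text that would be forwarded after saving. save_copy == 0: the same
 * object is saved and forwarded; save_copy == 1: a duplicate is saved. */
static char *forwarded_text(const char *body, int save_copy) {
    char sql[256];
    ToyMsg *m = toy_new(body);
    ToyMsg *to_save = save_copy ? toy_new(m->text) : m;
    toy_save(to_save, sql, sizeof sql);
    if (save_copy) toy_destroy(to_save);
    char *sent = copy_str(m->text);
    toy_destroy(m);
    return sent;  /* caller frees */
}

int main(void) {
    char *old = forwarded_text("it's", 0), *fixed = forwarded_text("it's", 1);
    printf("old flow: %s\npatched flow: %s\n", old, fixed);
    free(old); free(fixed);
}
```

A save routine that binds the message text as a query parameter instead of escaping it into the statement would leave the message unmodified and need no copy at all.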
