Ok I have tested with the sqlbox.c file patched as below, then tested using
CGI interface and a SMS with a quote and it works !
Quote not escaped any more...
Thanks to Rene, Alex, and others ...
Regards,
Emmanuel
2010/6/14 Emmanuel CHANSON <emmanuelchan...@gmail.com>
> I have tried to patch the svn source just downloaded but same errors
> displayed, sqlbox.c seems to be patched....so
>
>
>
> [r...@kannel gw]# patch -p0 sqlbox.c sql-escape.patch
> patching file sqlbox.c
> patching file sqlbox.c
> Hunk #1 FAILED at 82.
> 1 out of 1 hunk FAILED -- saving rejects to file sqlbox.c.rej
> patching file sqlbox.c
> Reversed (or previously applied) patch detected! Assume -R? [n] n
> Apply anyway? [n] y
> Hunk #1 FAILED at 252.
> Hunk #2 FAILED at 269.
> Hunk #3 FAILED at 375.
> Hunk #4 FAILED at 398.
> 4 out of 4 hunks FAILED -- saving rejects to file sqlbox.c.rej
> [r...@kannel gw]#
> [r...@kannel gw]#
> [r...@kannel gw]# cat sqlbox.c.rej
> Index: sb-config.h.in
> --- sb-config.h.in (revision 28)
> +++ sb-config.h.in (working copy)
> @@ -82,10 +82,6 @@
> /* Define to 1 if you have the <unistd.h> header file. */
> #undef HAVE_UNISTD_H
>
> -/* Define to the sub-directory in which libtool stores uninstalled
> libraries.
> - */
> -#undef LT_OBJDIR
> -
> /* Name of package */
> #undef PACKAGE
>
> Index: gw/sqlbox.c
> --- gw/sqlbox.c (revision 28)
> +++ gw/sqlbox.c (working copy)
> @@ -252,7 +252,7 @@
> static void smsbox_to_bearerbox(void *arg)
> {
> Boxc *conn = arg;
> - Msg *msg;
> + Msg *msg, *msg_escaped;
>
> /* remove messages from socket until it is closed */
> while (sqlbox_status != SQL_DEAD && conn->alive) {
> @@ -269,7 +269,9 @@
> if (msg_type(msg) == sms) {
> debug("sqlbox", 0, "smsbox_to_bearerbox: sms received");
>
> - gw_sql_save_msg(msg, octstr_imm("MT"));
> + msg_escaped = msg_duplicate(msg);
> + gw_sql_save_msg(msg_escaped, octstr_imm("MT"));
> + msg_destroy(msg_escaped);
> }
>
> send_msg(conn->bearerbox_connection, conn, msg);
> @@ -375,7 +377,7 @@
>
> static void bearerbox_to_smsbox(void *arg)
> {
> - Msg *msg;
> + Msg *msg, *msg_escaped;
> Boxc *conn = arg;
>
> while (sqlbox_status != SQL_DEAD && conn->alive) {
> @@ -398,10 +400,12 @@
> break;
> }
> if ((msg_type(msg) == sms) &&
> (strcmp(octstr_get_cstr(msg->sms.msgdata),"ACK/") != 0)) {
> + msg_escaped = msg_duplicate(msg);
> if (msg->sms.sms_type != report_mo)
> - gw_sql_save_msg(msg, octstr_imm("MO"));
> + gw_sql_save_msg(msg_escaped, octstr_imm("MO"));
> else
> - gw_sql_save_msg(msg, octstr_imm("DLR"));
> + gw_sql_save_msg(msg_escaped, octstr_imm("DLR"));
> + msg_destroy(msg_escaped);
> }
> send_msg(conn->smsbox_connection, conn, msg);
> msg_destroy(msg);
> [r...@kannel gw]#
>
>
> 2010/6/14 Alejandro Guerrieri <aguerri...@kannel.org>
>
>> svn co https://svn.kannel.org/sqlbox/trunk
>>
>> Regards,
>> --
>> Alejandro Guerrieri
>> aguerri...@kannel.org
>>
>>
>>
>> On 14/06/2010, at 12:38, Emmanuel CHANSON wrote:
>>
>> And what is the cvs/svn url for sqlbox?
>>
>> :)
>>
>> Emmanuel
>>
>> 2010/6/14 Alejandro Guerrieri <aguerri...@kannel.org>
>>
>>> Maybe Renee applied the patch against latest CVS/SVN instead?
>>>
>>> There's some updates on SVN that are not on 0.7.2.
>>> --
>>> Alejandro Guerrieri
>>> aguerri...@kannel.org
>>>
>>>
>>>
>>> On 14/06/2010, at 12:31, Emmanuel CHANSON wrote:
>>>
>>> Using "Assume -R" equal to yes it seems the patch is not applied (I
>>> checked the sqlbox.c file after and no occurence of msg_escaped for
>>> instance).
>>>
>>> Alex where to downloaded the latest version of sqlbox? The one I got was
>>> from your website.
>>> BTW I try to apply the patch on the original source I have kept
>>> (sqlbox-0.7.2.tar.gz) but I got the same error.
>>>
>>> BR,
>>>
>>> Emmanuel
>>>
>>> 2010/6/14 Tomasz <ad...@impexrur.pl>
>>>
>>>> Hi,
>>>>
>>>> Try to use -R option with path or press "y" when "Assume -R? [n]"
>>>> displays.
>>>>
>>>> Regards,
>>>> Tomasz
>>>>
>>>> W Twoim liście datowanym 14 czerwca 2010 (11:46:40) można przeczytać:
>>>>
>>>> > Hello Rene,
>>>>
>>>> > Trying to patch gw/sqlbox.c I got this error, is it an issue?
>>>>
>>>> > [r...@kannel gw]# patch -p0 sqlbox.c sql-escape.patch
>>>> > patching file sqlbox.c
>>>> > patching file sqlbox.c
>>>> > Hunk #1 FAILED at 82.
>>>> > 1 out of 1 hunk FAILED -- saving rejects to file sqlbox.c.rej
>>>> > patching file sqlbox.c
>>>> > Reversed (or previously applied) patch detected! Assume -R? [n] n
>>>> > Apply anyway? [n] y
>>>> > Hunk #1 FAILED at 252.
>>>> > Hunk #2 FAILED at 269.
>>>> > Hunk #3 FAILED at 375.
>>>> > Hunk #4 FAILED at 398.
>>>> > 4 out of 4 hunks FAILED -- saving rejects to file sqlbox.c.rej
>>>> > [r...@kannel gw]#
>>>>
>>>>
>>>>
>>>>
>>>> > [r...@kannel gw]# cat sqlbox.c.rej
>>>> > Index: sb-config.h.in
>>>> > --- sb-config.h.in (revision 28)
>>>> > +++ sb-config.h.in (working copy)
>>>> > @@ -82,10 +82,6 @@
>>>> > /* Define to 1 if you have the <unistd.h> header file. */
>>>> > #undef HAVE_UNISTD_H
>>>>
>>>> > -/* Define to the sub-directory in which libtool stores uninstalled
>>>> > libraries.
>>>> > - */
>>>> > -#undef LT_OBJDIR
>>>> > -
>>>> > /* Name of package */
>>>> > #undef PACKAGE
>>>>
>>>> > Index: gw/sqlbox.c
>>>> > --- gw/sqlbox.c (revision 28)
>>>> > +++ gw/sqlbox.c (working copy)
>>>> > @@ -252,7 +252,7 @@
>>>> > static void smsbox_to_bearerbox(void *arg)
>>>> > {
>>>> > Boxc *conn = arg;
>>>> > - Msg *msg;
>>>> > + Msg *msg, *msg_escaped;
>>>>
>>>> > /* remove messages from socket until it is closed */
>>>> > while (sqlbox_status != SQL_DEAD && conn->alive) {
>>>> > @@ -269,7 +269,9 @@
>>>> > if (msg_type(msg) == sms) {
>>>> > debug("sqlbox", 0, "smsbox_to_bearerbox: sms received");
>>>>
>>>> > - gw_sql_save_msg(msg, octstr_imm("MT"));
>>>> > + msg_escaped = msg_duplicate(msg);
>>>> > + gw_sql_save_msg(msg_escaped, octstr_imm("MT"));
>>>> > + msg_destroy(msg_escaped);
>>>> > }
>>>>
>>>> > send_msg(conn->bearerbox_connection, conn, msg);
>>>> > @@ -375,7 +377,7 @@
>>>>
>>>> > static void bearerbox_to_smsbox(void *arg)
>>>> > {
>>>> > - Msg *msg;
>>>> > + Msg *msg, *msg_escaped;
>>>> > Boxc *conn = arg;
>>>>
>>>> > while (sqlbox_status != SQL_DEAD && conn->alive) {
>>>> > @@ -398,10 +400,12 @@
>>>> > break;
>>>> > }
>>>> > if ((msg_type(msg) == sms) &&
>>>> > (strcmp(octstr_get_cstr(msg->sms.msgdata),"ACK/") != 0)) {
>>>> > + msg_escaped = msg_duplicate(msg);
>>>> > if (msg->sms.sms_type != report_mo)
>>>> > - gw_sql_save_msg(msg, octstr_imm("MO"));
>>>> > + gw_sql_save_msg(msg_escaped, octstr_imm("MO"));
>>>> > else
>>>> > - gw_sql_save_msg(msg, octstr_imm("DLR"));
>>>> > + gw_sql_save_msg(msg_escaped, octstr_imm("DLR"));
>>>> > + msg_destroy(msg_escaped);
>>>> > }
>>>> > send_msg(conn->smsbox_connection, conn, msg);
>>>> > msg_destroy(msg);
>>>> > [r...@kannel gw]#
>>>>
>>>> > Regards,
>>>>
>>>> > Emmanuel
>>>>
>>>>
>>>>
>>>> > 2010/6/13 Rene Kluwen <rene.klu...@chimit.nl>
>>>>
>>>> >> msg_duplicate is the normal function from msg.h. No special meaning.
>>>> >>
>>>> >> What happens is that gw_sql_save has a side effect. It escapes all
>>>> text
>>>> >> strings with a backslash before the "'" sign because it displays them
>>>> in
>>>> >> the
>>>> >> INSERT INTO... statement in the database.
>>>> >> When I designed the function I was under the impression that it
>>>> escaped the
>>>> >> strings in a copy... But apparently it doesn't.
>>>> >>
>>>> >> What happens in the "old" version is that gw_sql_save_msg escapes the
>>>> >> strings inline and later it does a "send_msg(conn->smsbox_connection,
>>>> conn,
>>>> >> msg)" with the same message... which has a backslash in front of the
>>>> "'".
>>>> >>
>>>> >> By duplicating the message before calling the gw_sql_save_msg, this
>>>> >> behavior
>>>> >> is eliminated.
>>>> >>
>>>> >> Someone on the mailinglist (Tomasz) has already confirmed that the
>>>> problem
>>>> >> has been solved with this patch.
>>>> >>
>>>> >> == Rene
>>>> >>
>>>> >>
>>>> >>
>>>> >> -----Original Message-----
>>>> >> From: Alejandro Guerrieri [mailto:aguerri...@kannel.org]
>>>> >> Sent: vrijdag 11 juni 2010 23:52
>>>> >> To: Rene Kluwen
>>>> >> Cc: 'Tomasz'; 'Kannel list'; de...@kannel.org
>>>> >> Subject: Re: [PATCH] RE: Messages with php stripslashes
>>>> >>
>>>> >> + msg_escaped = msg_duplicate(msg);
>>>> >> if (msg->sms.sms_type != report_mo)
>>>> >> - gw_sql_save_msg(msg, octstr_imm("MO"));
>>>> >> + gw_sql_save_msg(msg_escaped, octstr_imm("MO"));
>>>> >> else
>>>> >> - gw_sql_save_msg(msg, octstr_imm("DLR"));
>>>> >> + gw_sql_save_msg(msg_escaped, octstr_imm("DLR"));
>>>> >> + msg_destroy(msg_escaped);
>>>> >>
>>>> >> and
>>>> >>
>>>> >> - gw_sql_save_msg(msg, octstr_imm("MT"));
>>>> >> + msg_escaped = msg_duplicate(msg);
>>>> >> + gw_sql_save_msg(msg_escaped, octstr_imm("MT"));
>>>> >> + msg_destroy(msg_escaped);
>>>> >>
>>>> >> (and other similar lines)
>>>> >>
>>>> >> You're duplicating the msg to msg_escaped and then running the same
>>>> >> gw_sql_save_msg function? What difference does it make?
>>>> >>
>>>> >> Or maybe msg_duplicate does some escaping magic I'm not aware of? If
>>>> >> msg_duplicate does what the name says, I don't see what's changed.
>>>> >>
>>>> >> Regards,
>>>> >>
>>>> >> Alex
>>>> >> --
>>>> >> Alejandro Guerrieri
>>>> >> aguerri...@kannel.org
>>>> >>
>>>> >>
>>>> >>
>>>> >> On 11/06/2010, at 23:25, Rene Kluwen wrote:
>>>> >>
>>>> >> > Sorry for crossposting. But I think the users are allowed to know
>>>> what is
>>>> >> > going on, even if this is a developers matter.
>>>> >> >
>>>> >> > I think I found the solution to the problem below, which affects
>>>> all
>>>> >> > smsbox->sqlbox->bearerbox users.
>>>> >> >
>>>> >> > I must admit: Haven't tested it yet. But it should work.
>>>> >> >
>>>> >> > See attached patch. Votes?
>>>> >> >
>>>> >> >
>>>> >> > -----Original Message-----
>>>> >> > From: users-boun...@kannel.org [mailto:users-boun...@kannel.org]
>>>> On
>>>> >> Behalf
>>>> >> > Of Tomasz
>>>> >> > Sent: vrijdag 11 juni 2010 15:10
>>>> >> > To: Kannel list
>>>> >> > Subject: Re: Messages with php stripslashes
>>>> >> >
>>>> >> > Hi,
>>>> >> >
>>>> >> > I've got the same issue - when we send MT message by CGI which
>>>> >> > contains ' sign, the recipient gets \' (escaped '). When we inject
>>>> MT
>>>> >> > directly to MySQL Database, recipient get only ' sing (valid!).
>>>> >> >
>>>> >> > Our configuration is:
>>>> >> >
>>>> >> > PHP MT PUSH - SMSBOX - SQLBOX - BEARERBOX - SMSC
>>>> >> >
>>>> >> > The problem is caused probably by SQLBOX - somewhere there must be
>>>> >> > some kind of addslashes function. Escaped sign is being delivered
>>>> to
>>>> >> > BEARERBOX. I've tried to find this is source code but I was unable.
>>>> >> >
>>>> >> > Have someone fixed this problem yet?
>>>> >> >
>>>> >> > Thanks
>>>> >> > Tomasz
>>>> >> >
>>>> >> > W Twoim liście datowanym 24 maja 2010 (02:05:22) można przeczytać:
>>>> >> >
>>>> >> >> I have posted some weeks ago a similar issue with sqlbox but it is
>>>> not
>>>> >> >> resolved for the moment, Alejandro to check on his side to
>>>> reproduce the
>>>> >> >> issue.
>>>> >> >
>>>> >> >> Check my post in the mailling list archive to see if it the same
>>>> >> problem:
>>>> >> >
>>>> >> >> Object: *Quote and backslash issue*
>>>> >> >
>>>> >> >> As you when using CGI interface to send a SMS I got the quote
>>>> escaped on
>>>> >> > the
>>>> >> >> mobile, BUT when using directly SQL injection on sqlbox it works
>>>> >> > correctly.
>>>> >> >
>>>> >> >> Regards,
>>>> >> >
>>>> >> >> Emmanuel
>>>> >> >
>>>> >> >
>>>> >> >
>>>> >> > <sql-escape.patch>
>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> Emmanuel
>>>
>>> CHANSON Emmanuel
>>> Mobile Nouvelle-Calédonie: +687.77.35.02
>>> Mobile France: +33 (0) 6.68.03.89.56
>>> @email : emmanuelchan...@gmail.com
>>>
>>>
>>>
>>
>>
>> --
>> Emmanuel
>>
>> CHANSON Emmanuel
>> Mobile Nouvelle-Calédonie: +687.77.35.02
>> Mobile France: +33 (0) 6.68.03.89.56
>> @email : emmanuelchan...@gmail.com
>>
>>
>>
>
>
> --
> Emmanuel
>
> CHANSON Emmanuel
> Mobile Nouvelle-Calédonie: +687.77.35.02
> Mobile France: +33 (0) 6.68.03.89.56
> @email : emmanuelchan...@gmail.com
>
--
Emmanuel
CHANSON Emmanuel
Mobile Nouvelle-Calédonie: +687.77.35.02
Mobile France: +33 (0) 6.68.03.89.56
@email : emmanuelchan...@gmail.com
