https://bugzilla.balabit.com/show_bug.cgi?id=83

Summary: sql (oracle) queries don't escape single quotes
Product: syslog-ng
Version: 3.1.x
Platform: Other
OS/Version: Linux
Status: NEW
Severity: major
Priority: unspecified
Component: syslog-ng
AssignedTo: bazsi@balabit.hu
ReportedBy: bugzilla.syslogng@feystorm.net
Type of the Report: ---
Estimated Hours: 0.0

SQL inserts with values containing single quotes don't escape the quotes, causing the inserts to fail.

Jun 1 22:08:24 slider syslog-ng.515[20417]: Error running SQL query; type='oracle', host='', port='', user='report_agent', database='oru23', error='1400: ORA-01400: cannot insert NULL into ("CMS_DBO"."MESSAGE_TRACKING"."MSGID")\x0a', query='INSERT INTO cms_dbo.message_tracking (host, msg_dt, pname, message, msgid, xid, from_name, from_domain, to_name, to_domain, addr) VALUES (\'iceman.dev.usa.net\', \'2010-06-01 22:08:22\', \'smtad\', \'[4155186080] 000000007 ok XID: XID007oFawiw8111Xem MsgID: <4C0584D4.50007@devo0402.dev.usa.net> Dest: cms:gwsin IP: 165.212.101.13 From: <phemmer@devo0402.dev.usa.net> Rcpt: <phemmer@devo0402.dev.usa.net> Subject: \'\'Re: asdf\'\' Size: 22400 Response: 250 Mail accepted (292oFawiw3072Mem)\', NULL, \'XID007oFawiw8111Xem\', \'phemmer\', \'devo0402.dev.usa.net\', \'phemmer\', \'devo0402.dev.usa.net\', \'165.212.101.13\')'

The part that is causing the problem is the 'message' field with value:

[4155186080] 000000007 ok XID: XID007oFawiw8111Xem MsgID: <4C0584D4.50007@devo0402.dev.usa.net> Dest: cms:gwsin IP: 165.212.101.13 From: <phemmer@devo0402.dev.usa.net> Rcpt: <phemmer@devo0402.dev.usa.net> Subject: ''Re: asdf'' Size: 22400 Response: 250 Mail accepted (292oFawiw3072Mem)

^^ that is what is passed in the insert statement. As you can see, there are 2 single-quotes around the subject. The string as it gets passed to syslog-ng is:

...Subject: 'Re: asdf' Size...

So instead of escaping the single quote, it adds another quote.

The afsql.c code calls dbi_conn_quote_string_copy to escape it, but this is obviously failing to do so (and not only fails, but for some reason adds a second quote). I'm attempting to find a simple fix for this, but there doesn't appear to be a clean & proper way of doing this. But I'll keep digging as this is a fairly significant flaw which I have to get fixed before using this in production.
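
Added example, not code from the report or from syslog-ng: what happens to the quoted Subject value from the report when it is embedded as a standard SQL string literal with doubled quotes, when it is bound as a parameter, and when it is embedded with no quoting at all. It assumes Python's bundled SQLite as a stand-in for the Oracle/libdbi setup; the helper names and the one-column table are hypothetical.

```python
import sqlite3

# Constructed sample: the Subject fragment from the report, as syslog-ng received it.
RAW = "Subject: 'Re: asdf' Size: 22400"


def quote_literal(value: str) -> str:
    """Quote a string as a standard SQL literal: wrap it in single quotes
    and double every embedded single quote."""
    return "'" + value.replace("'", "''") + "'"


def _run(sql: str, params: tuple = ()) -> str:
    """Run one INSERT against a fresh in-memory table and return the stored text."""
    db = sqlite3.connect(":memory:")
    try:
        db.execute("CREATE TABLE message_tracking (message TEXT)")
        db.execute(sql, params)
        (stored,) = db.execute("SELECT message FROM message_tracking").fetchone()
        return stored
    finally:
        db.close()


def roundtrip_literal(value: str) -> str:
    """Inline literal with doubled quotes: the server parses '' back to one quote."""
    return _run("INSERT INTO message_tracking (message) VALUES (%s)" % quote_literal(value))


def roundtrip_bound(value: str) -> str:
    """Bound parameter: the value never passes through the SQL parser."""
    return _run("INSERT INTO message_tracking (message) VALUES (?)", (value,))


def unquoted_fails(value: str) -> bool:
    """With no doubling, the embedded quote ends the literal early and the
    statement is rejected as a syntax error."""
    try:
        _run("INSERT INTO message_tracking (message) VALUES ('%s')" % value)
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    print(quote_literal(RAW))
    print(roundtrip_literal(RAW), roundtrip_bound(RAW), unquoted_fails(RAW), sep="\n")
```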