[ic] Vend::Track lengthy headers cause ISEs in Apache

Brian J. Miller wiggins at danconia.org
Thu May 20 18:30:21 UTC 2010


Spent quite a while tracking this one down today. It would be a rather 
unusual occurrence, but if you have Track enabled and "excessively" long 
values for various data fields, such as code, description, category, then 
when IC provides an outputted response and includes the X-Track header, 
most versions of Apache will fall over, returning a 500 Internal Server 
Error whenever the header's value hits the 8kb mark.

The calling code is in Vend::Server line 719,

# TRACK
     print $fh canon_status("X-Track: " . $Vend::Track->header())
         if $Vend::Track and $Vend::Cfg->{UserTrack};
# END TRACK



And the header() code is at "fault":



# HEADER

my %hdrsubs = ('ADDITEM' => sub {my $href = shift; join (',', $href->{'code'}, $href->{'description'});},
                'ORDER' => sub {my $href = shift; $::Values->{mv_order_number}},
                'ORDERINFO' => sub {my $href = shift;
                                join ('/',
                                      join ("\t", $href->{'total'}, $href->{'payment'}, $href->{'shipmode'}),
                                      map {join ("\t", $_->{'code'},
                                                $_->{'description'},
                                                $_->{'category'},
                                                $_->{'quantity'},
                                                $_->{'price'})}
                                      @{$href->{'items'}});},
                'VIEWPAGE' => sub {my $href = shift; join ("\t", $href->{'page'}, @{$href->{'params'}})},
                'VIEWPROD' => sub {my $href = shift; join ("\t", $href->{'code'}, $href->{'description'}, $href->{'category'});});

sub header {
     my ($self) = @_;
     my (@hdr, $href);

     push(@hdr, "SESSION=$Vend::SessionID");
     for my $aref (@{$self->{actions}}) {
         $href = $aref->[1];
         if (exists $hdrsubs{$aref->[0]}) {
             push(@hdr, $aref->[0] . '=' . &{$hdrsubs{$aref->[0]}}($aref->[1]));
         }
         else {
             push(@hdr, "$aref->[0]=$aref->[1]");
         }
     }
     for(@hdr) {
         s/\n/<LF>/g;
         s/\r/<CR>/g;
     }
     join('&', @hdr);
}


Not sure what the preferred resolution would be. Personally I'd probably 
truncate the data and throw a warning message. Generally I'd think 
anything would be better than an ISE.

-- 
Brian J. Miller
End Point Corp.
http://www.endpoint.com/
brian at endpoint.com
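
The following is an added example, not part of the original message and not Interchange code: a sketch of the "truncate and warn" approach suggested above, applied to the strings that header() collects in @hdr. The helper name bounded_track_header, the two size budgets and the sample data are assumptions made for illustration.

```perl
use strict;
use warnings;

# Assumed budgets (not Interchange settings): keep the whole value well
# under the 8 KB mark reported above, and cap each action entry.
my $MAX_HEADER = 4096;
my $MAX_ENTRY  = 512;

# Hypothetical helper. Takes the already-formatted "ACTION=value" strings
# (what header() collects in @hdr) and returns a bounded header value.
# Lengths are counted with length(), so byte strings are assumed.
sub bounded_track_header {
    my (@entries) = @_;
    my @out;
    my $len = 0;
    for my $i (0 .. $#entries) {
        my $e = $entries[$i];
        if (length($e) > $MAX_ENTRY) {
            warn sprintf("X-Track: entry %d cut from %d to %d chars\n",
                         $i, length($e), $MAX_ENTRY);
            $e = substr($e, 0, $MAX_ENTRY);
        }
        # Escape after truncating so no <LF>/<CR> token is cut in half and
        # no raw CR/LF can ever reach the header line.
        $e =~ s/\n/<LF>/g;
        $e =~ s/\r/<CR>/g;
        my $need = length($e) + (@out ? 1 : 0);    # 1 for the '&' separator
        if ($len + $need > $MAX_HEADER) {
            warn sprintf("X-Track: header full, dropped %d entries\n",
                         @entries - $i);
            last;
        }
        push @out, $e;
        $len += $need;
    }
    return join('&', @out);
}

# Constructed sample data: one oversized description, one embedded CRLF.
my @hdr = (
    'SESSION=abc123',
    'VIEWPROD=' . join("\t", 'SKU-1', 'x' x 10_000, 'Widgets'),
    "ADDITEM=SKU-2,two\r\nlines",
);
my $value = bounded_track_header(@hdr);
printf "X-Track value is %d chars, CR/LF present: %s\n",
    length($value), ($value =~ /[\r\n]/ ? 'yes' : 'no');
```

Escaping can lengthen an entry after the per-entry cut, which is why the total budget is checked on the escaped string rather than the raw one.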


