[ic] Vend::Track lengthy headers cause ISEs in Apache

Brian J. Miller wiggins at danconia.org
Thu May 20 18:30:21 UTC 2010

Spent quite a while tracking this one down today. It would be a rather 
unusual occurrence, but if you have Track enabled and "excessively" long 
values for various data fields, such as code, description, category, then 
when IC provides an outputted response and includes the X-Track header, 
most versions of Apache will fall over, returning a 500 Internal Server 
Error whenever the header's value hits the 8kb mark.

The calling code is in Vend::Server line 719,

     print $fh canon_status("X-Track: " . $Vend::Track->header())
         if $Vend::Track and $Vend::Cfg->{UserTrack};

And the header() code is at "fault":


my %hdrsubs = ('ADDITEM' => sub {my $href = shift; join (',', $href->{'code'}, $href->{'description'});},
                'ORDER' => sub {my $href = shift;
                'ORDERINFO' => sub {my $href = shift;
                                join ('/',
                                      join ("\t", $href->{'total'}, $href->{'payment'}, $href->{'shipmode'}),
                                      map {join ("\t", $_->{'code'},
                'VIEWPAGE' => sub {my $href = shift; join ("\t", $href->{'page'}, @{$href->{'params'}})},
                'VIEWPROD' => sub {my $href = shift; join ("\t", $href->{'code'}, $href->{'description'}, $href->{'category'});});

sub header {
     my ($self) = @_;
     my (@hdr, $href);

     push(@hdr, "SESSION=$Vend::SessionID");
     for my $aref (@{$self->{actions}}) {
         $href = $aref->[1];
         if (exists $hdrsubs{$aref->[0]}) {
             push(@hdr, $aref->[0] . '=' . &{$hdrsubs{$aref->[0]}} 
         else {
             push(@hdr, "$aref->[0]=$aref->[1]");
     for(@hdr) {
     join('&', @hdr);

Not sure what the preferred resolution would be. Personally I'd probably 
truncate the data and throw a warning message. Generally I'd think 
anything would be better than an ISE.

Brian J. Miller
End Point Corp.
brian at endpoint.com
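
Added example, not part of the original post and not Interchange's own code: one way to implement the truncate-and-warn resolution suggested above. The function and constant names, the 8000-byte total and 256-byte per-field budgets, and the sample data are assumptions; every action's fields are joined with tabs for brevity.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed budgets: the total stays under the 8kb mark reported in the post.
use constant MAX_HEADER_BYTES => 8000;
use constant MAX_FIELD_BYTES  => 256;

# Hypothetical helper: cap one field and report whether it was cut.
# length() counts characters, so pass byte strings (assumption).
sub cap_field {
    my ($value, $max) = @_;
    $value = '' unless defined $value;
    return ($value, 0) if length($value) <= $max;
    return (substr($value, 0, $max), 1);
}

# Hypothetical stand-in for the join in header(): takes the session id and
# a list of [ACTION, \@fields] pairs, returns (header_value, \@warnings).
sub capped_track_header {
    my ($session_id, $actions, $max_total) = @_;
    $max_total ||= MAX_HEADER_BYTES;
    my (@hdr, @warnings);
    push @hdr, "SESSION=$session_id";
    my $used = length $hdr[0];
    for my $action (@$actions) {
        my ($name, $fields) = @$action;
        my @capped;
        for my $f (@$fields) {
            my ($v, $cut) = cap_field($f, MAX_FIELD_BYTES);
            push @warnings, "$name: field truncated to " . MAX_FIELD_BYTES . " bytes" if $cut;
            push @capped, $v;
        }
        my $segment = "$name=" . join("\t", @capped);
        # The +1 accounts for the '&' separator between segments.
        if ($used + 1 + length($segment) > $max_total) {
            push @warnings, "$name: dropped, X-Track would exceed $max_total bytes";
            next;
        }
        push @hdr, $segment;
        $used += 1 + length $segment;
    }
    return (join('&', @hdr), \@warnings);
}

# Constructed sample: one product with an oversized description.
my @actions = ([ VIEWPROD => [ 'SKU-1', 'x' x 20_000, 'widgets' ] ],
               [ VIEWPAGE => [ 'index' ] ]);
my ($value, $warnings) = capped_track_header('abc123', \@actions);
warn "Vend::Track: $_\n" for @$warnings;
print "X-Track: $value\n";
```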

More information about the interchange-users mailing list