Mailing List Archive

Strange ic behavior with png image usertag created
With Variable DEBUG 1 in main configuration file interchange.cfg all
goes well but without ic DEBUG 1 web browser give
Internal Server Error and apache error.log give this:

[Sat Dec 09 20:26:35.274482 2017] [http:error] [pid 680] [client
192.168.11.2:58795] AH02429: Response header name 'libpng warning'
contains invalid characters, aborting request, referer: ...

... to ic page from where i call the usetag that give the error.

Searching for this issue I have find this apache page:
https://blog.tigertech.net/posts/apache-cve-2016-8743/
that give responsability to malformed http header.

my enviro:
- Debian GNU/Linux 9
- Interchange V5.10.0
- perl 5.24.1

Any suggestions ?

P.S.
I try to attach the usertag and the complete url that give the error but
mailer bounce back the message for suspicious header

--
"Fino alla bara sinpara"
"Up to demise we rize"

_______________________________________________
interchange-users mailing list
interchange-users@icdevgroup.org
http://www.icdevgroup.org/mailman/listinfo/interchange-users
Strange ic behavior with png image usertag created [ In reply to ]
With Variable DEBUG 1 in main configuration file interchange.cfg all
goes well but without DEBUG apache (not ic) give this error:

[Sat Dec 09 20:26:35.274482 2017] [http:error] [pid 680] [client
192.168.11.2:58795] AH02429: Response header name 'libpng warning'
contains invalid characters, aborting request,
referer:
https://newweb.omnib.it/cgi-bin/elcat/stat_ass.html?giorno=09&mese=11&anno=2016&giorno2=09&mese2=12&anno2=2016&min=&max=&cod_cli=&cli_order=des_cli&cod_resp=&da_chiamata=

Searching for this issue I have find this apache page:
https://blog.tigertech.net/posts/apache-cve-2016-8743/
that give responsability to malformed http header.

my enviro:
- Debian GNU/Linux 9
- Interchange V5.10.0
- perl 5.24.1

Attached usertag that create the image.

Any suggestions ?

--
"Fino alla bara sinpara"
"Up to demise we rize"
Re: Strange ic behavior with png image usertag created [ In reply to ]
> On Dec 9, 2017, at 4:05 PM, marco <m.mescoli@omnib.it> wrote:
>
> With Variable DEBUG 1 in main configuration file interchange.cfg all goes well but without ic DEBUG 1 web browser give
> Internal Server Error and apache error.log give this:
>
> [Sat Dec 09 20:26:35.274482 2017] [http:error] [pid 680] [client 192.168.11.2:58795] AH02429: Response header name 'libpng warning' contains invalid characters, aborting request, referer: ...
>
> ... to ic page from where i call the usetag that give the error.
>
> Searching for this issue I have find this apache page:
> https://blog.tigertech.net/posts/apache-cve-2016-8743/
> that give responsability to malformed http header.
>
> my enviro:
> - Debian GNU/Linux 9
> - Interchange V5.10.0
> - perl 5.24.1
>
> Any suggestions ?
>
> P.S.
> I try to attach the usertag and the complete url that give the error but mailer bounce back the message for suspicious header


This information would be the most helpful; any way you can paste at an external site and provide a link?

Best,

David
--
David Christensen
End Point Corporation
david@endpoint.com
785-727-1171
Re: Strange ic behavior with png image usertag created [ In reply to ]
Il 10/12/2017 04:03, David Christensen ha scritto:
>
>
>> On Dec 9, 2017, at 4:05 PM, marco <m.mescoli@omnib.it
>> <mailto:m.mescoli@omnib.it>> wrote:
>>
>> With Variable DEBUG 1 in main configuration file interchange.cfg all
>> goes well but without ic DEBUG 1 web browser give
>> Internal Server Error and apache error.log give this:
>>
>> [Sat Dec 09 20:26:35.274482 2017] [http:error] [pid 680] [client
>> 192.168.11.2:58795] AH02429: Response header name 'libpng warning'
>> contains invalid characters, aborting request, referer: ...
>>
>> ... to ic page from where i call the usetag that give the error.
>>
>> Searching for this issue I have find this apache page:
>> https://blog.tigertech.net/posts/apache-cve-2016-8743/
>> that give responsability to malformed http header.
>>
>> my enviro:
>> - Debian GNU/Linux 9
>> - Interchange V5.10.0
>> - perl 5.24.1
>>
>> Any suggestions ?
>>
>> P.S.
>> I try to attach the usertag and the complete url that give the error
>> but mailer bounce back the message for suspicious header
>
> This information would be the most helpful; any way you can paste at an
> external site and provide a link?
>
> Best,
>
> David
> --
> David Christensen
> End Point Corporation
> david@endpoint.com <mailto:david@endpoint.com>
> 785-727-1171
>
>
>
>
>
> _______________________________________________
> interchange-users mailing list
> interchange-users@icdevgroup.org
> http://www.icdevgroup.org/mailman/listinfo/interchange-users


Thanks David :-) this is the link:

https://drive.google.com/drive/folders/1iDphKySQ24RfmEx7ufUD_F9pOreFLt1G?usp=sharing

--
"Fino alla bara sinpara"
"Up to demise we rize"

_______________________________________________
interchange-users mailing list
interchange-users@icdevgroup.org
http://www.icdevgroup.org/mailman/listinfo/interchange-users
Re: Strange ic behavior with png image usertag created [ In reply to ]
Il 10/12/2017 08:44, marco ha scritto:
> Il 10/12/2017 04:03, David Christensen ha scritto:
>>
>>
>>> On Dec 9, 2017, at 4:05 PM, marco <m.mescoli@omnib.it
>>> <mailto:m.mescoli@omnib.it>> wrote:
>>>
>>> With Variable DEBUG 1 in main configuration file interchange.cfg all
>>> goes well but without ic DEBUG 1 web browser give
>>> Internal Server Error and apache error.log give this:
>>>
>>> [Sat Dec 09 20:26:35.274482 2017] [http:error] [pid 680] [client
>>> 192.168.11.2:58795] AH02429: Response header name 'libpng warning'
>>> contains invalid characters, aborting request, referer: ...
>>>
>>> ... to ic page from where i call the usetag that give the error.
>>>
>>> Searching for this issue I have find this apache page:
>>> https://blog.tigertech.net/posts/apache-cve-2016-8743/
>>> that give responsability to malformed http header.
>>>
>>> my enviro:
>>> - Debian GNU/Linux 9
>>> - Interchange V5.10.0
>>> - perl 5.24.1
>>>
>>> Any suggestions ?
>>>
>>> P.S.
>>> I try to attach the usertag and the complete url that give the error
>>> but mailer bounce back the message for suspicious header
>>
>> This information would be the most helpful; any way you can paste at an
>> external site and provide a link?
>>
>> Best,
>>
>> David
>> --
>> David Christensen
>> End Point Corporation
>> david@endpoint.com <mailto:david@endpoint.com>
>> 785-727-1171
Some other tries reveal that the problem is not DEBUG global var but
bound to the declaration of DebugFile in the main interchange.cfg
configuration files. With commented line:

#Variable DEBUG 1

if I declare out of the the block ifdef @DEBUG this line:

DebugFile debug.log

i can display the chart pie, without or commented this declaration I obtain:

Internal Server Error

and this log from apache2 (Apache/2.4.25 (Debian)):
[Wed Dec 13 17:31:17.115286 2017] [http:error] [pid 1054] [client
192.168.11.2:34071] AH02429: Response header name 'libpng warning'
contains invalid characters, aborting request, referer:
https://newweb.omnib.it/cgi-bin/elcat/stat_ass.html?giorno=13&mese=11&anno=2017&giorno2=13&mese2=12&anno2=2017&min=&max=&cod_cli=&cli_order=des_cli&cod_resp=&da_chiamata=&go.x=18&go.y=27

--
"Fino alla bara sinpara"
"Up to demise we rize"

_______________________________________________
interchange-users mailing list
interchange-users@icdevgroup.org
http://www.icdevgroup.org/mailman/listinfo/interchange-users
Re: Strange ic behavior with png image usertag created [ In reply to ]
I’m definitely curious about the specific error from libpng. Can you try running the equivalent UserTag code in pure perl and see what GD is complaining about?

> On Dec 13, 2017, at 10:52 AM, marco <m.mescoli@omnib.it> wrote:
>
> Il 10/12/2017 08:44, marco ha scritto:
>> Il 10/12/2017 04:03, David Christensen ha scritto:
>>>
>>>
>>>> On Dec 9, 2017, at 4:05 PM, marco <m.mescoli@omnib.it
>>>> <mailto:m.mescoli@omnib.it>> wrote:
>>>>
>>>> With Variable DEBUG 1 in main configuration file interchange.cfg all
>>>> goes well but without ic DEBUG 1 web browser give
>>>> Internal Server Error and apache error.log give this:
>>>>
>>>> [Sat Dec 09 20:26:35.274482 2017] [http:error] [pid 680] [client
>>>> 192.168.11.2:58795] AH02429: Response header name 'libpng warning'
>>>> contains invalid characters, aborting request, referer: ...
>>>>
>>>> ... to ic page from where i call the usetag that give the error.
>>>>
>>>> Searching for this issue I have find this apache page:
>>>> https://blog.tigertech.net/posts/apache-cve-2016-8743/
>>>> that give responsability to malformed http header.
>>>>
>>>> my enviro:
>>>> - Debian GNU/Linux 9
>>>> - Interchange V5.10.0
>>>> - perl 5.24.1
>>>>
>>>> Any suggestions ?
>>>>
>>>> P.S.
>>>> I try to attach the usertag and the complete url that give the error
>>>> but mailer bounce back the message for suspicious header
>>>
>>> This information would be the most helpful; any way you can paste at an
>>> external site and provide a link?
>>>
>>> Best,
>>>
>>> David
>>> --
>>> David Christensen
>>> End Point Corporation
>>> david@endpoint.com <mailto:david@endpoint.com>
>>> 785-727-1171
> Some other tries reveal that the problem is not DEBUG global var but bound to the declaration of DebugFile in the main interchange.cfg configuration files. With commented line:
>
> #Variable DEBUG 1
>
> if I declare out of the the block ifdef @DEBUG this line:
>
> DebugFile debug.log
>
> i can display the chart pie, without or commented this declaration I obtain:
>
> Internal Server Error
>
> and this log from apache2 (Apache/2.4.25 (Debian)):
> [Wed Dec 13 17:31:17.115286 2017] [http:error] [pid 1054] [client 192.168.11.2:34071] AH02429: Response header name 'libpng warning' contains invalid characters, aborting request, referer: https://newweb.omnib.it/cgi-bin/elcat/stat_ass.html?giorno=13&mese=11&anno=2017&giorno2=13&mese2=12&anno2=2017&min=&max=&cod_cli=&cli_order=des_cli&cod_resp=&da_chiamata=&go.x=18&go.y=27 <https://newweb.omnib.it/cgi-bin/elcat/stat_ass.html?giorno=13&mese=11&anno=2017&giorno2=13&mese2=12&anno2=2017&min=&max=&cod_cli=&cli_order=des_cli&cod_resp=&da_chiamata=&go.x=18&go.y=27>
>
> --
> "Fino alla bara sinpara"
> "Up to demise we rize"
>
> _______________________________________________
> interchange-users mailing list
> interchange-users@icdevgroup.org <mailto:interchange-users@icdevgroup.org>
> http://www.icdevgroup.org/mailman/listinfo/interchange-users <http://www.icdevgroup.org/mailman/listinfo/interchange-users>
--
David Christensen
End Point Corporation
david@endpoint.com
785-727-1171
Re: Strange ic behavior with png image usertag created [ In reply to ]
It definitely sounds like the library is issuing a warning that gets output to the browser before the actual headers, so fixing this error would solve the issue.

> On Dec 13, 2017, at 11:01 AM, David Christensen <david@endpoint.com> wrote:
>
> I’m definitely curious about the specific error from libpng. Can you try running the equivalent UserTag code in pure perl and see what GD is complaining about?
>
>> On Dec 13, 2017, at 10:52 AM, marco <m.mescoli@omnib.it <mailto:m.mescoli@omnib.it>> wrote:
>>
>> Il 10/12/2017 08:44, marco ha scritto:
>>> Il 10/12/2017 04:03, David Christensen ha scritto:
>>>>
>>>>
>>>>> On Dec 9, 2017, at 4:05 PM, marco <m.mescoli@omnib.it <mailto:m.mescoli@omnib.it>
>>>>> <mailto:m.mescoli@omnib.it <mailto:m.mescoli@omnib.it>>> wrote:
>>>>>
>>>>> With Variable DEBUG 1 in main configuration file interchange.cfg all
>>>>> goes well but without ic DEBUG 1 web browser give
>>>>> Internal Server Error and apache error.log give this:
>>>>>
>>>>> [Sat Dec 09 20:26:35.274482 2017] [http:error] [pid 680] [client
>>>>> 192.168.11.2:58795] AH02429: Response header name 'libpng warning'
>>>>> contains invalid characters, aborting request, referer: ...
>>>>>
>>>>> ... to ic page from where i call the usetag that give the error.
>>>>>
>>>>> Searching for this issue I have find this apache page:
>>>>> https://blog.tigertech.net/posts/apache-cve-2016-8743/ <https://blog.tigertech.net/posts/apache-cve-2016-8743/>
>>>>> that give responsability to malformed http header.
>>>>>
>>>>> my enviro:
>>>>> - Debian GNU/Linux 9
>>>>> - Interchange V5.10.0
>>>>> - perl 5.24.1
>>>>>
>>>>> Any suggestions ?
>>>>>
>>>>> P.S.
>>>>> I try to attach the usertag and the complete url that give the error
>>>>> but mailer bounce back the message for suspicious header
>>>>
>>>> This information would be the most helpful; any way you can paste at an
>>>> external site and provide a link?
>>>>
>>>> Best,
>>>>
>>>> David
>>>> --
>>>> David Christensen
>>>> End Point Corporation
>>>> david@endpoint.com <mailto:david@endpoint.com> <mailto:david@endpoint.com <mailto:david@endpoint.com>>
>>>> 785-727-1171
>> Some other tries reveal that the problem is not DEBUG global var but bound to the declaration of DebugFile in the main interchange.cfg configuration files. With commented line:
>>
>> #Variable DEBUG 1
>>
>> if I declare out of the the block ifdef @DEBUG this line:
>>
>> DebugFile debug.log
>>
>> i can display the chart pie, without or commented this declaration I obtain:
>>
>> Internal Server Error
>>
>> and this log from apache2 (Apache/2.4.25 (Debian)):
>> [Wed Dec 13 17:31:17.115286 2017] [http:error] [pid 1054] [client 192.168.11.2:34071] AH02429: Response header name 'libpng warning' contains invalid characters, aborting request, referer: https://newweb.omnib.it/cgi-bin/elcat/stat_ass.html?giorno=13&mese=11&anno=2017&giorno2=13&mese2=12&anno2=2017&min=&max=&cod_cli=&cli_order=des_cli&cod_resp=&da_chiamata=&go.x=18&go.y=27 <https://newweb.omnib.it/cgi-bin/elcat/stat_ass.html?giorno=13&mese=11&anno=2017&giorno2=13&mese2=12&anno2=2017&min=&max=&cod_cli=&cli_order=des_cli&cod_resp=&da_chiamata=&go.x=18&go.y=27>
>>
>> --
>> "Fino alla bara sinpara"
>> "Up to demise we rize"
>>
>> _______________________________________________
>> interchange-users mailing list
>> interchange-users@icdevgroup.org <mailto:interchange-users@icdevgroup.org>
>> http://www.icdevgroup.org/mailman/listinfo/interchange-users <http://www.icdevgroup.org/mailman/listinfo/interchange-users>
> --
> David Christensen
> End Point Corporation
> david@endpoint.com <mailto:david@endpoint.com>
> 785-727-1171
>
>
>

--
David Christensen
End Point Corporation
david@endpoint.com
785-727-1171
Re: Strange ic behavior with png image usertag created [ In reply to ]
Good analisys David. True!

Runnnig it in pure perl get the warning:
libpng warning: Interlace handling should be turned on when using
png_read_image

Found problem: warning from GD when reading firm logo to put on the pie
chart created:
my $mylogo = newFromPng GD::Image("$PATH/logo.png");

Solved with:
https://stackoverflow.com/questions/12990602/libpng-warning-interlace-handling-should-be-turned-on-when-using-png-read-image

great thanks :-)

Il 13/12/2017 18:02, David Christensen ha scritto:
> It definitely sounds like the library is issuing a warning that gets
> output to the browser before the actual headers, so fixing this error
> would solve the issue.
>
>> On Dec 13, 2017, at 11:01 AM, David Christensen <david@endpoint.com
>> <mailto:david@endpoint.com>> wrote:
>>
>> I?m definitely curious about the specific error from libpng. Can you
>> try running the equivalent UserTag code in pure perl and see what GD
>> is complaining about?
>>
>>> On Dec 13, 2017, at 10:52 AM, marco <m.mescoli@omnib.it
>>> <mailto:m.mescoli@omnib.it>> wrote:
>>>
>>> Il 10/12/2017 08:44, marco ha scritto:
>>>> Il 10/12/2017 04:03, David Christensen ha scritto:
>>>>>
>>>>>
>>>>>> On Dec 9, 2017, at 4:05 PM, marco <m.mescoli@omnib.it
>>>>>> <mailto:m.mescoli@omnib.it>
>>>>>> <mailto:m.mescoli@omnib.it>> wrote:
>>>>>>
>>>>>> With Variable DEBUG 1 in main configuration file interchange.cfg all
>>>>>> goes well but without ic DEBUG 1 web browser give
>>>>>> Internal Server Error and apache error.log give this:
>>>>>>
>>>>>> [Sat Dec 09 20:26:35.274482 2017] [http:error] [pid 680] [client
>>>>>> 192.168.11.2:58795] AH02429: Response header name 'libpng warning'
>>>>>> contains invalid characters, aborting request, referer: ...
>>>>>>
>>>>>> ... to ic page from where i call the usetag that give the error.
>>>>>>
>>>>>> Searching for this issue I have find this apache page:
>>>>>> https://blog.tigertech.net/posts/apache-cve-2016-8743/
>>>>>> that give responsability to malformed http header.
>>>>>>
>>>>>> my enviro:
>>>>>> - Debian GNU/Linux 9
>>>>>> - Interchange V5.10.0
>>>>>> - perl 5.24.1
>>>>>>
>>>>>> Any suggestions ?
>>>>>>
>>>>>> P.S.
>>>>>> I try to attach the usertag and the complete url that give the error
>>>>>> but mailer bounce back the message for suspicious header
>>>>>
>>>>> This information would be the most helpful; any way you can paste at an
>>>>> external site and provide a link?
>>>>>
>>>>> Best,
>>>>>
>>>>> David
>>>>> --
>>>>> David Christensen
>>>>> End Point Corporation
>>>>> david@endpoint.com <mailto:david@endpoint.com>
>>>>> <mailto:david@endpoint.com>
>>>>> 785-727-1171
>>> Some other tries reveal that the problem is not DEBUG global var but
>>> bound to the declaration of DebugFile in the main interchange.cfg
>>> configuration files. With commented line:
>>>
>>> #Variable DEBUG 1
>>>
>>> if I declare out of the the block ifdef @DEBUG this line:
>>>
>>> DebugFile debug.log
>>>
>>> i can display the chart pie, without or commented this declaration I
>>> obtain:
>>>
>>> Internal Server Error
>>>
>>> and this log from apache2 (Apache/2.4.25 (Debian)):
>>> [Wed Dec 13 17:31:17.115286 2017] [http:error] [pid 1054] [client
>>> 192.168.11.2:34071] AH02429: Response header name 'libpng warning'
>>> contains invalid characters, aborting request,
>>> referer:https://newweb.omnib.it/cgi-bin/elcat/stat_ass.html?giorno=13&mese=11&anno=2017&giorno2=13&mese2=12&anno2=2017&min=&max=&cod_cli=&cli_order=des_cli&cod_resp=&da_chiamata=&go.x=18&go.y=27
>>>
>>> --
>>> "Fino alla bara sinpara"
>>> "Up to demise we rize"
>>>
>>> _______________________________________________
>>> interchange-users mailing list
>>> interchange-users@icdevgroup.org
>>> <mailto:interchange-users@icdevgroup.org>
>>> http://www.icdevgroup.org/mailman/listinfo/interchange-users
>>
>> --
>> David Christensen
>> End Point Corporation
>> david@endpoint.com <mailto:david@endpoint.com>
>> 785-727-1171
>>
>>
>>
>
> --
> David Christensen
> End Point Corporation
> david@endpoint.com <mailto:david@endpoint.com>
> 785-727-1171
>
>
>
>
>
> _______________________________________________
> interchange-users mailing list
> interchange-users@icdevgroup.org
> http://www.icdevgroup.org/mailman/listinfo/interchange-users
>


--
"Fino alla bara sinpara"
"Up to demise we rize"

_______________________________________________
interchange-users mailing list
interchange-users@icdevgroup.org
http://www.icdevgroup.org/mailman/listinfo/interchange-users