rejetto forum

Software => HFS ~ HTTP File Server => Bug reports => Topic started by: username1565 on March 15, 2019, 05:18:47 PM

Title: ERR_RESPONSE_HEADERS_MULTIPLE_CONTENT_LENGTH
Post by: username1565 on March 15, 2019, 05:18:47 PM
Cann't load the page from server, using latest HFS v2.3m .
I see the following error in browser: ERR_RESPONSE_HEADERS_MULTIPLE_CONTENT_LENGTH

In console.log browser, I see the following errors:

GET http://192.168.0.10/ net::ERR_RESPONSE_HEADERS_MULTIPLE_CONTENT_LENGTH http://192.168.0.10/:1
GET http://192.168.0.10/ net::ERR_RESPONSE_HEADERS_MULTIPLE_CONTENT_LENGTH http://192.168.0.10/:1
Title: Re: ERR_RESPONSE_HEADERS_MULTIPLE_CONTENT_LENGTH
Post by: username1565 on March 15, 2019, 09:21:00 PM
Latest version: 2.3m

https://www.virustotal.com/#/file/e678899d7ea9702184167b56655f91a69f8a0bdc9df65612762252c053c2cd7c/detection
Title: Re: ERR_RESPONSE_HEADERS_MULTIPLE_CONTENT_LENGTH
Post by: LeoNeeson on March 16, 2019, 06:14:27 AM
@username1565: You also posted a possible 'exploit' here (https://rejetto.com/forum/index.php?topic=11619.msg1064459#msg1064459), and now by seeing this error I would suggest you may need to do a complete scan with an 'offline' antivirus on your system (since that error is not normal). You can choose one option from THIS (https://www.lifewire.com/free-bootable-antivirus-tools-2625785) or THIS (https://www.techsupportall.com/best-bootable-antivirus-rescue-severely-infected-computer/) list. As far I know, is impossible that HFS had make those *.vbs files, so, I'm almost sure you have something wrong on your PC.

Just to be sure the problem is related to HFS, is recommended that you open HFS alone, starting with a new clean configuration (and without using any modified template). To do this, copy "hfs.exe" in a new folder (which should be clean, without any other files inside), and you also need to create (an put in that same folder), an empty text file named "hfs.ini" (or else HFS will use the settings stored in your Windows registry). And before running your new clean HFS, you must close any other HFS instance you may have running, and it's also recommended to stop any other web server you could be running. That way, if you find an error, it will be more related to HFS than to any other software you could have running.

About v2.3m, the file checksum (https://www.virustotal.com/en/file/e678899d7ea9702184167b56655f91a69f8a0bdc9df65612762252c053c2cd7c/analysis/) is fine, so you can safely ignore all those 'false positives'. The antivirus industry is getting more and more useless and rude, along with using a kind of extortion technique, forcing developers 'code signing (https://en.wikipedia.org/wiki/Code_signing)' their software. Most of those 'false positives' are reporting a PUA (Potentially Unwanted Application) (https://www.virusradar.com/en/glossary/pua), just because HFS is a web server (which on theory could 'leak' files from a computer, but that's of course the nature of any web server: sharing files the user choose).

Although is very important to report bugs or errors (and it's appreciated), any reported error must be reproducible, and you should give detailed steps to reproduce the issue.

;) » You could find this an interesting read: How to write a good bug report? (https://www.softwaretestinghelp.com/how-to-write-good-bug-report/) (Example (https://www.softwaretestinghelp.com/sample-bug-report/))
Title: Re: ERR_RESPONSE_HEADERS_MULTIPLE_CONTENT_LENGTH
Post by: username1565 on March 16, 2019, 11:18:00 AM
@LeoNeeson,
Here (http://rejetto.com/forum/index.php?topic=11619.msg1064459#msg1064459), I just using this lite-version of hfs.exe. I cann't attach this file, because this have size 700KB (> 500KB).

MultiHasher - says about following hashes for this lite hfs.exe:
CRC-32: 2536BFB5
MD5: 1C14ECE37D3872A0DDD31EA68AC26B14
RIPEMD-160: FC18AE5137C443B2D39A43F8C56D37ED07909C8F
SHA-1: 4828FDB6CF6B86D87CD63BF46B262D312BCE8C66
SHA-256: FF411E98E16D691AA5FEB07432961B957DA65370871DE6322BA586EF59E92A94
SHA-384: C9710DCC39362851328CB9C4DF1E49DE996BB862136D77C77C09AC2459795EFB75782A24BF47672C99BC1B1D635B92F2
SHA-512: 45A337A2D9AEA3374A5AF77BF19ACA0E3AC0DFEA320C9B1AE5A4D2F3A72B0BEF1B2D8D590C99CA36FB29D7870DEE659CBE4834A1C444921329F6F015A63EC15A

And maybe you can find this file by this hashes in your full repositary, and test this.

Google query by sha256 return me back the link on virustotal:
https://www.virustotal.com/ru/file/ff411e98e16d691aa5feb07432961b957da65370871de6322ba586ef59e92a94/analysis/1517840264/
and I see the version of this file: hfs2.3a_289.

Why I use this lite version?
Just Because HFS v2.3m(2MBytes) return me the error in the first post of this thread!
I see ERR_RESPONSE_HEADERS_MULTIPLE_CONTENT_LENGTH in console of browser,
just when I try to load the page from this server...

I didn't have any problem with previous lite-version HFS (700Kbytes),
up to yesterday. Because yesterday I saw this %TEMP% folder (http://rejetto.com/forum/index.php?topic=11619.msg1064459#msg1064459).

What logs do you need? Where I can see this on Windows 8.1? I don't understand...

And... How to using HFS.exe v2.3m (2MBytes),
without that console.log error: ERR_RESPONSE_HEADERS_MULTIPLE_CONTENT_LENGTH?

I did check my hard disk, using Comodo Internet Security Premium 11, and not found any viruses.
%TEMP% folder was been renamed.
Virtual File Systems.vfs was been damaged.
Some backups of file-systems files was contains some macroses, and was been renamed.
Now my lite version working good, but... I'm not sure that this will be stable...

UPDATE:
Now, I'm using hfs_v2.3k.exe (https://osdn.net/projects/libraryzip/downloads/68510/hfs.exe/) 2.38 МB (2 501 632 Bytes), with hashes:
MD5: 369B251EB6D24F63C95273F357359669
RIPEMD-160: A2038CF37927DABD66FC0808ED6804AB876AC783
SHA-1: 17820F1585A08FD7B5890192F58AB9860961B064
SHA-256: 3B4AD8F1F15F1A73E99CF082AE38A821A7567B63415F57D63595BAEC079A4B07
SHA-384: EE320267F63F2118D9B7C7F4A8667444B1817527A0F8FB921418ECB69A963AD7901B0A815B136CE5E5EEE5ACFA5EAAA7
SHA-512: 305340B4A0047D81452C29EB63BBC263A921B5B6CC46AFE09D38329E966AEA411A77039671CDC2CBE7715A784025EBB3A9309EAF8AC95B868242A970FE66A1F0
Virustotal by sha256-hash: https://www.virustotal.com/ru/file/3b4ad8f1f15f1a73e99cf082ae38a821a7567b63415f57d63595baec079a4b07/analysis/1495254875/
And I don't see ERR_RESPONSE_HEADERS_MULTIPLE_CONTENT_LENGTH there.

Also, this russian v2.3m (http://rejetto.com/forum/index.php?topic=13094.msg1064468#msg1064468)
working with ERR_RESPONSE_HEADERS_MULTIPLE_CONTENT_LENGTH too.
Hashes you can see there.
Title: Re: New info about this possible bug...
Post by: LeoNeeson on March 16, 2019, 10:05:04 PM
OK, now we are doing some progress (your info will help Rejetto catch the bug)

» Summarizing:

HFS v2.3k (https://sourceforge.net/projects/hfs/files/HFS/2.3k/) and previous versions are working without this error.
HFS v2.3m (https://sourceforge.net/projects/hfs/files/HFS/2.3m/) gives "ERR_RESPONSE_HEADERS_MULTIPLE_CONTENT_LENGTH (https://www.google.com/search?q=%22ERR_RESPONSE_HEADERS_MULTIPLE_CONTENT_LENGTH%22&ie=UTF-8)"

So, according to your reports, this error was introduced on version 2.3m.

» Another important questions: you said (here (http://rejetto.com/forum/index.php?topic=12119.msg1064438#msg1064438)) that you were also running another server (to have PHP functions). Are you running that server along with HFS?. Does this error still happen when you close that another server? (this information is needed to debug this error, and to know if this is some kind of incompatibility). And lastly, what version of Chrome are you using?...

» Note to Rejetto: it seems this happens when multiple distinct 'Content-Length' headers are received. According THIS (https://stackoverflow.com/a/4738205) StackoverFlow answer, 'if you do not specify "Transfer-Encoding" and you include multiple lengths it will throw this very error'. Anyway, to me it seems a error is client side related, not directly related to the server (but you know more than me).
Title: Re: ERR_RESPONSE_HEADERS_MULTIPLE_CONTENT_LENGTH
Post by: SilentPliz on March 16, 2019, 10:58:11 PM
Hi !

I think it's possible that this bug is related to this thread :

http://rejetto.com/forum/index.php?topic=13112.0
Title: Re: ERR_RESPONSE_HEADERS_MULTIPLE_CONTENT_LENGTH
Post by: rejetto on March 17, 2019, 05:49:10 PM
in 2.3m i added the "Content-Length" in error pages because it was missing.
The error says you are getting multiple, but i just checked and HFS is sending one, and it is working for everybody, so the problem must be something specific on your system.
Possibly something is adding another content-length, and this was fine to Chrome with old versions, because before HFS was sending none.
Now that HFS is sending it, adding another is causing the problem.
You must find what is adding the Content-Length. It could be a plugin of the browser, an {.add header.} command somewhere in your template/events, or another server/proxy if you are not connecting directly.
I invite you to try to use HFS directly (no other servers) and with configuration reset (Menu > debug > temporarily reset options), and let us know what happens with this.
Title: Re: ERR_RESPONSE_HEADERS_MULTIPLE_CONTENT_LENGTH
Post by: username1565 on March 17, 2019, 08:45:38 PM
in 2.3m i added the "Content-Length" in error pages because it was missing.
...
I invite you to try to use HFS directly (no other servers) and with configuration reset (Menu > debug > temporarily reset options),
and let us know what happens with this.
Before, and after I do this: ("Menu > debug > temporarily reset options")
I see double Content-Length in Google Chrome 73.0.3683.75
(Load page -> F12 -> network -> main page -> headers),
but the page loading good in this browser.
And in older Google Chrome and Mozilla Firefox (32 bit) - I see that error, and cann't load the page.
This is one header that was been doubled.

Can I disable this header? Can you add option in the settings, to disable this in future?

Also, my Comodo see the virus in HFS 2.3k, and blocking this automatically, after I renaming this file.
So need to unblock this anytime. HFS 2.3m not blocked, but not working anywhere,
because this header, and this error...

UPD:
I did start HFS v2.3m in Windows XP. Main page is successfully loaded.
I see two headers in the Network-tab, in Google Chrome 34.0.1847.131 m:
Quote
Accept-Ranges:bytes
Cache-Control:no-cache, no-store, must-revalidate, max-age=-1
Content-Encoding:gzip
Content-Length:44872
Content-Length:44872
Content-Type:text/html
Server:HFS 2.3m
But, I successfully loaded the main page!
So now I don't sure that problem in this header only. Maybe something else.
Because error I see, when I start HFS on Windows 8.1, and try to load the page from there.
So just compare more differences between x86 and x64 sub-programs...

Have a nice day.
Title: Re: New info about this possible bug...
Post by: username1565 on March 17, 2019, 09:08:10 PM
OK, now we are doing some progress (your info will help Rejetto catch the bug)
» Summarizing:
HFS v2.3k (https://sourceforge.net/projects/hfs/files/HFS/2.3k/) and previous versions are working without this error.
HFS v2.3m (https://sourceforge.net/projects/hfs/files/HFS/2.3m/) gives "ERR_RESPONSE_HEADERS_MULTIPLE_CONTENT_LENGTH (https://www.google.com/search?q=%22ERR_RESPONSE_HEADERS_MULTIPLE_CONTENT_LENGTH%22&ie=UTF-8)"

So, according to your reports, this error was introduced on version 2.3m.
Yeap, all right.

» Another important questions: you said (here (http://rejetto.com/forum/index.php?topic=12119.msg1064438#msg1064438)) that you were also running another server (to have PHP functions). Are you running that server along with HFS?. Does this error still happen when you close that another server? (this information is needed to debug this error, and to know if this is some kind of incompatibility). And lastly, what version of Chrome are you using?...
That "upload.php" file is hosted on another remote server.
This is just example with WORKING uploading progress.
I didn't host this PHP-page on any local server, and don't run any servers with HFS.
I just copied the code in single HTML, and replaced that link in that example - to the link for uploadable folder on HFS,
to test XHR-uploading there, ajax true/false, and return progress status.
HFS is not PHP-server, and to working with PHP better to using apache, or portable OpenServer.

Hi !

I think it's possible that this bug is related to this thread :

http://rejetto.com/forum/index.php?topic=13112.0
Hi, I see HFS.Events there, but I don't know how do remove Content-Length header, using this file, to test it...
Title: Re: New info about this possible bug...
Post by: LeoNeeson on March 18, 2019, 11:22:06 PM
Hi, I see HFS.Events there, but I don't know how do remove Content-Length header, using this file, to test it...
Make a file named "HFS.Events" with this:

Code: [Select]
[+request]
{.remove header|Content-Length.}
[+download]
{.remove header|Content-Length.}

Report back if that solved your problem.
Title: Re: New info about this possible bug...
Post by: username1565 on March 25, 2019, 04:45:59 PM
@LeoNeeson, I created this file and put this near hfs.exe (v2.3m).
Then I did run hfs.exe on Windows 8.1 (x64).
After this I try to open the main page on HFS. Ok.
Then F12 -> Network, and reload the page. See request of the main page.
And there I can see doubled headers with Content-length.

When I try to open the main page on HFS from win32 Google Chrome - I still see ERR_RESPONSE_HEADERS_MULTIPLE_CONTENT_LENGTH

So HFS.Events - not working.
Title: Re: ERR_RESPONSE_HEADERS_MULTIPLE_CONTENT_LENGTH
Post by: LeoNeeson on March 30, 2019, 10:16:34 PM
Sorry, then I have no idea on how solve that.
Title: Re: ERR_RESPONSE_HEADERS_MULTIPLE_CONTENT_LENGTH
Post by: rejetto on January 30, 2020, 12:06:41 PM
i've recently found a bug like this and will be fixed in next release (2.4)
Title: Re: ERR_RESPONSE_HEADERS_MULTIPLE_CONTENT_LENGTH
Post by: rejetto on February 16, 2020, 10:05:32 PM
new release published
http://rejetto.com/forum/index.php?topic=13060.0