[ZendTo] Chunk name missing or too long

Jules Jules at Zend.To
Thu Jul 9 18:02:03 BST 2020


Damien,

Sorry, I take back what I said.

I went on a hunt for the same error in my production ZendTo server. And 
lo and behold, it happened to the same user a whole row of times. Just 
like it did for you.

A bit of cross-checking with the Apache logs showed that indeed there is 
a bug.
Basically, if the upload of a chunk failed, it should try again.
Because of a stray "_" it was simply failing instead.

So I've fixed that, and have improved the logging of chunk upload 
problems, so that you can easily see whether someone is really having 
problems, or they're just trying to break your ZendTo server by sending 
nasty stuff.

(Oh, and the chunk name is generated by ZendTo and passed to the 
browser, it's not actually created by the browser.)

So these fixes will be in the next release, which I will do hopefully 
tomorrow.

Thanks!
Jules.

On 09/07/2020 16:24, Jules via ZendTo wrote:
> Ask them to clear their browser cache completely. Does it behave the 
> same in a Firefox "Private Window"?
> What exact version of Firefox are they running, and on what OS/platform?
>
> I haven't had complaints from anyone else about the chunked uploading 
> not working, and I tested it myself on just about every browser I 
> could lay my hands on.
>
> I would be very interested to work out what's going on here...
>
> Cheers,
> Jules.
>
> On 09/07/2020 16:18, Solodow, Damien wrote:
>>
>> It was the same user, IP, etc.
>>
>> Looks to be a single user thus far; using Firefox.
>>
>> Found out about it because they hit me up to report that “shows an 
>> upload window, then kaput; no error messages”. Was only like a 60mb 
>> file they were trying to upload.
>>
>> Damien Solodow
>> IS System Administrator
>> Gaylor Electric, Inc.
>> 5750 Castle Creek Pkwy N Drive, Suite 400
>> Indianapolis, IN. 46250
>> O: 317.815.3103 | M: 317.506.8521
>> 317.759.0077 emergency IS support
>>
>> *From:* Jules <Jules at Zend.To>
>> *Sent:* Thursday, July 9, 2020 11:16 AM
>> *To:* ZendTo Users <zendto at zend.to>
>> *Cc:* Solodow, Damien <dsolodow at gaylor.com>
>> *Subject:* Re: [ZendTo] Chunk name missing or too long
>>
>> Damien,
>>
>> Does the log show if any of the errors have anything in common, at all?
>> Same user, same IP, same anything?
>> Are you still getting these errors?
>> If so, how often (compared with some indication of the traffic your 
>> ZendTo site usually gets)?
>>
>> The "chunk name" is a random string created by the user's web 
>> browser. But I do sanity-check it thoroughly on the server.
>> So it may be nothing more than some "penetration tester" (to be 
>> polite) trying to use all sorts of other strings and disallowed 
>> characters in the "chunk name" in order to see if they can break it.
>>
>> Because the chunked uploading is relatively new in ZendTo, there are 
>> probably all sorts of lovely people out there trying to see if they 
>> can do JavaScript injection, SQL injection, all sorts of unpleasant 
>> things by subverting the new feature.
>>
>> If none of your users are complaining, and you only see these 
>> occasionally, then I wouldn't worry too much about this.
>>
>> Cheers,
>> Jules.
>>
>> On 09/07/2020 14:14, Solodow, Damien via ZendTo wrote:
>>
>>     Running 6.03-3 on Ubuntu 18.04 LTS
>>
>>     Seeing a few lines of “Error: Chunk name missing or too long” in
>>     the system log. Chunk size is set to the default 50mb, but I
>>     didn’t see anything in preferences.php about chunk name.
>>
>>
>>     _______________________________________________
>>     ZendTo mailing list
>>     ZendTo at zend.to
>>     http://jul.es/mailman/listinfo/zendto
>>
>>
>> Jules
>> -- 
>> Julian Field MEng CEng CITP MBCS MIEEE MACM
>> 'The best and most beautiful things in life cannot be seen or even
>>   touched; they must be felt with the heart.' - Helen Keller
>> www.Zend.To  <http://www.Zend.To>
>> Twitter: @JulesFM

Jules

-- 
Julian Field MEng CEng CITP MBCS MIEEE MACM

'Talent is God-given ... be humble;
  fame is man-given ... be grateful;
  conceit is self-given ... be careful.' - John Wooden

www.Zend.To
Twitter: @JulesFM
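
Added example (not part of this thread and not ZendTo's code): one way a server can check a chunk name it issued itself and record why a check failed, so an administrator can tell a misbehaving client from deliberate probing. The name format, lengths, HMAC scheme, reason codes and session id are all assumptions made for illustration.

```php
<?php
// Illustrative only: the format and limits below are assumed, not ZendTo's.
const NAME_HEX_LEN = 32;   // assumed: 16 random bytes, hex-encoded
const TAG_HEX_LEN  = 64;   // HMAC-SHA256 tag, hex-encoded

// Issue a chunk name the server can later recognise as its own.
function issueChunkName(string $key, string $sessionId): string {
    $name = bin2hex(random_bytes(intdiv(NAME_HEX_LEN, 2)));
    return $name . hash_hmac('sha256', $sessionId . ':' . $name, $key);
}

// Return 'ok' or a reason code to write to the log.
function checkChunkName($value, string $key, string $sessionId): string {
    if (!is_string($value) || $value === '') {
        return 'missing';
    }
    $expected = NAME_HEX_LEN + TAG_HEX_LEN;
    if (strlen($value) !== $expected) {
        return strlen($value) > $expected ? 'too_long' : 'too_short';
    }
    // Strict allowlist: lowercase hex only, anchored at both ends.
    if (preg_match('/\A[0-9a-f]+\z/', $value) !== 1) {
        return 'bad_characters';
    }
    $name = substr($value, 0, NAME_HEX_LEN);
    $tag  = substr($value, NAME_HEX_LEN);
    $want = hash_hmac('sha256', $sessionId . ':' . $name, $key);
    // Constant-time comparison of the expected and supplied tags.
    return hash_equals($want, $tag) ? 'ok' : 'not_issued_by_server';
}

// Constructed demo inputs.
$key  = random_bytes(32);
$sid  = 'session-abc';
$good = issueChunkName($key, $sid);
$cases = [
    'valid'         => $good,
    'empty'         => '',
    'oversized'     => str_repeat('a', 500),
    'odd characters'=> str_repeat('.', NAME_HEX_LEN + TAG_HEX_LEN),
    'other session' => issueChunkName($key, 'session-xyz'),
];
foreach ($cases as $label => $value) {
    // Log the reason and the length, never the raw client-supplied value.
    printf("%-15s len=%-3d -> %s\n", $label, strlen($value),
           checkChunkName($value, $key, $sid));
}
```

Logging a reason code with the user and source address, rather than one catch-all message, is what lets a run of identical failures from a single user be read differently from a spread of malformed names.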
