tomcat-dev mailing list archives

From Konstantin Preißer <kpreis...@apache.org>
Subject RE: 8.0.x / 7.0.x progress
Date Mon, 07 Oct 2013 14:09:50 GMT
Hi Mark,

> -----Original Message-----
> From: Mark Thomas [mailto:markt@apache.org]
> Sent: Monday, October 7, 2013 3:53 PM
> To: Tomcat Developers List
> Subject: Re: 8.0.x / 7.0.x progress
> 

> > To me this reads that by default (value = -1), there is no limit when
> > processing whole messages, so I think Tomcat should handle such large
> > messages when not using methods to read partial messages.
> >
> > Am I missing something?
> 
> DoS via a single large message that triggers an OOME.

Yes, that can happen if there is no value specified for the maximum message size. (I thought
it would be the application's responsibility to set a reasonable limit there, e.g. with the
maxMessageSize attribute).

But what I meant was that the javadoc specifies that "-1" is the default value which means
that there is no limit when receiving the message (as a whole), and the ChatAnnotation does
not specify a value in its OnMessage annotation. So Tomcat does not seem to implement this
default value.

Also, when I change the value to something like this:

    @OnMessage(maxMessageSize = 10000000L)

so that Tomcat should be able to receive 10 MB messages, it still does not receive the
10000-character string message.


Regards,
Konstantin Preißer


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
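
As an added illustration (not code from this thread or from Tomcat): a whole-message endpoint that sets an explicit maxMessageSize instead of relying on the -1 default discussed above, and logs when the connection is closed because a message was too big. The class name, path and 64 KiB limit are assumptions.

```java
import java.util.logging.Logger;
import javax.websocket.CloseReason;
import javax.websocket.CloseReason.CloseCodes;
import javax.websocket.OnClose;
import javax.websocket.OnError;
import javax.websocket.OnMessage;
import javax.websocket.Session;
import javax.websocket.server.ServerEndpoint;

// Hypothetical endpoint: path, class name and limit are illustrative assumptions.
@ServerEndpoint("/example/bounded")
public class BoundedTextEndpoint {

    private static final Logger LOG =
            Logger.getLogger(BoundedTextEndpoint.class.getName());

    // Explicit cap in bytes. The annotation default is -1 (no maximum),
    // which leaves whole-message buffering unbounded per connection.
    private static final long MAX_TEXT_BYTES = 64 * 1024;

    // Whole-message handler: the container has to buffer the complete
    // message before invoking this method, so the cap bounds that buffer.
    // maxMessageSize only applies to whole-message handlers like this one,
    // not to handlers that take partial messages or a Reader/InputStream.
    @OnMessage(maxMessageSize = MAX_TEXT_BYTES)
    public String onText(String message, Session session) {
        return "received " + message.length() + " chars";
    }

    // Per the OnMessage javadoc, a message over the limit makes the
    // implementation close the connection with the "too big" reason.
    @OnClose
    public void onClose(Session session, CloseReason reason) {
        if (reason.getCloseCode() == CloseCodes.TOO_BIG) {
            LOG.warning("Session " + session.getId()
                    + " closed: message exceeded " + MAX_TEXT_BYTES + " bytes");
        }
    }

    @OnError
    public void onError(Session session, Throwable error) {
        LOG.warning("Session " + session.getId() + " error: " + error);
    }
}
```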

