tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Konstantin Preißer <kpreis...@apache.org>
Subject RE: 8.0.x / 7.0.x progress
Date Mon, 07 Oct 2013 15:34:56 GMT


> -----Original Message-----
> From: Konstantin Preißer [mailto:kpreisser@apache.org]
> Sent: Monday, October 7, 2013 4:10 PM
> To: 'Tomcat Developers List'
> Subject: RE: 8.0.x / 7.0.x progress
> 
> Hi Mark,
> 
> > -----Original Message-----
> > From: Mark Thomas [mailto:markt@apache.org]
> > Sent: Monday, October 7, 2013 3:53 PM
> > To: Tomcat Developers List
> > Subject: Re: 8.0.x / 7.0.x progress
> >
> 
> > > To me this reads that by default (value = -1), there is no limit when
> > processing whole messages, so I think Tomcat should handle such large
> > messages when not using methods to read partial messages.
> > >
> > > Am I missing something?
> >
> > DoS via a single large message that triggers an OOME.
> 
> Yes, that can happen if there is no value specified for the maximum message
> size. (I thought it would be the application's responsibility so set a reasonable
> limit there, e.g. with the maxMessageSize attribute).
> 
> But what I meant was, that the javadoc specifies that "-1" is the default value
> which means that there is no limit when receiving the message (as a whole),
> and the ChatAnnotation does not specify a value in its OnMessage
> annotation. So Tomcat does not seem to implement this default value.
> 
> Also, when I change the value to something like this:
> 
>     @OnMessage(maxMessageSize = 10000000L)
> 
> so that Tomcat should be able to receive 10 MB messages, but it still does not
> receive the 10000 characters string message.

Sorry - I think I missed something regarding the buffer size in the session.

When setting session.setMaxTextMessageBufferSize(1000000); (e.g. in onOpen method), then Tomcat
does indeed receive messages with such size, and it calls the @OnMessage method
 I also noticed that when using @OnMessage with maxMessageSize that is lower than the one
set in session.setMaxTextMessageBufferSize, the message will be rejected.
So it seems that first the limit from session.setMaxTextMessageBufferSize(...) is applied,
and then the limit from @OnMessage(maxMessageSize = ...) is applied. Is this correct?

Note that for the BIO connector, this does not seem to work - there Tomcat does not call the
OnMessage method when such large message is received (and I also was not able to receive partial
messages), whereas for NIO it works.


Regards,
Konstantin Preißer


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message