Hi Mark,

> -----Original Message-----
> From: Mark Thomas [mailto:ma...@apache.org]
> Sent: Monday, October 7, 2013 3:53 PM
> To: Tomcat Developers List
> Subject: Re: 8.0.x / 7.0.x progress
> 

> > To me this reads that by default (value = -1), there is no limit when
> > processing whole messages, so I think Tomcat should handle such large
> > messages when not using methods to read partial messages.
> >
> > Am I missing something?
> 
> DoS via a single large message that triggers an OOME.

Yes, that can happen if there is no value specified for the maximum message
size. (I thought it would be the application's responsibility to set a
reasonable limit there, e.g. with the maxMessageSize attribute).

But what I meant was that the javadoc specifies that "-1" is the default value,
which means that there is no limit when receiving the message (as a whole), and
the ChatAnnotation does not specify a value in its OnMessage annotation. So
Tomcat does not seem to implement this default value.

Also, when I change the value to something like this:

    @OnMessage(maxMessageSize = 10000000L)

so that Tomcat should be able to receive 10 MB messages, but it still does not
receive the 10000-character string message.


Regards,
Konstantin Preißer
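
Added example, not part of the original message and not Tomcat's own code: an annotated endpoint that sets an explicit bound on whole messages instead of relying on the -1 default discussed above, and enforces its own cap on the partial-message path, where maxMessageSize is not applied. The class name, endpoint path and both limits are assumptions chosen for illustration.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import javax.websocket.CloseReason;
import javax.websocket.CloseReason.CloseCodes;
import javax.websocket.OnClose;
import javax.websocket.OnMessage;
import javax.websocket.Session;
import javax.websocket.server.ServerEndpoint;

// Hypothetical endpoint; path and limits are assumptions, not values from the thread.
@ServerEndpoint("/bounded")
public class BoundedEndpoint {
    private static final long MAX_TEXT = 64 * 1024;     // whole text messages
    private static final int MAX_BINARY = 1024 * 1024;  // reassembled binary messages

    // Assumes the default configurator (one endpoint instance per connection),
    // so this buffer only ever holds the parts of one client's message.
    private final ByteArrayOutputStream parts = new ByteArrayOutputStream();

    // Whole-message handler: explicit bound instead of the -1 (no limit) default.
    @OnMessage(maxMessageSize = MAX_TEXT)
    public String onText(String message) {
        return "received " + message.length() + " chars";
    }

    // Partial-message handler: maxMessageSize does not cover this path, so the
    // running total is checked before each part is buffered.
    @OnMessage
    public void onBinaryPart(byte[] part, boolean last, Session session) throws IOException {
        if (parts.size() + part.length > MAX_BINARY) {
            parts.reset();  // release what was buffered before closing
            session.close(new CloseReason(CloseCodes.TOO_BIG, "binary message over limit"));
            return;
        }
        parts.write(part, 0, part.length);
        if (last) {
            int total = parts.size();
            parts.reset();
            session.getBasicRemote().sendText("received " + total + " bytes");
        }
    }

    // Log oversize closes so repeated attempts from one peer are visible.
    @OnClose
    public void onClose(Session session, CloseReason reason) {
        if (reason.getCloseCode().getCode() == CloseCodes.TOO_BIG.getCode()) {
            System.err.println("closed for oversized message, session " + session.getId());
        }
    }
}
```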

