On Mon, Oct 7, 2013 at 6:34 PM, Konstantin Preißer <kpreis...@apache.org>wrote:
> > > > -----Original Message----- > > From: Konstantin Preißer [mailto:kpreis...@apache.org] > > Sent: Monday, October 7, 2013 4:10 PM > > To: 'Tomcat Developers List' > > Subject: RE: 8.0.x / 7.0.x progress > > > > Hi Mark, > > > > > -----Original Message----- > > > From: Mark Thomas [mailto:ma...@apache.org] > > > Sent: Monday, October 7, 2013 3:53 PM > > > To: Tomcat Developers List > > > Subject: Re: 8.0.x / 7.0.x progress > > > > > > > > > To me this reads that by default (value = -1), there is no limit when > > > processing whole messages, so I think Tomcat should handle such large > > > messages when not using methods to read partial messages. > > > > > > > > Am I missing something? > > > > > > DoS via a single large message that triggers an OOME. > > > > Yes, that can happen if there is no value specified for the maximum > message > > size. (I thought it would be the application's responsibility so set a > reasonable > > limit there, e.g. with the maxMessageSize attribute). > > > > But what I meant was, that the javadoc specifies that "-1" is the > default value > > which means that there is no limit when receiving the message (as a > whole), > > and the ChatAnnotation does not specify a value in its OnMessage > > annotation. So Tomcat does not seem to implement this default value. > > > > Also, when I change the value to something like this: > > > > @OnMessage(maxMessageSize = 10000000L) > > > > so that Tomcat should be able to receive 10 MB messages, but it still > does not > > receive the 10000 characters string message. > > Sorry - I think I missed something regarding the buffer size in the > session. > > When setting session.setMaxTextMessageBufferSize(1000000); (e.g. in onOpen > method), then Tomcat does indeed receive messages with such size, and it > calls the @OnMessage method > I also noticed that when using @OnMessage with maxMessageSize that is > lower than the one set in session.setMaxTextMessageBufferSize, the message > will be rejected. > So it seems that first the limit from > session.setMaxTextMessageBufferSize(...) is applied, and then the limit > from @OnMessage(maxMessageSize = ...) is applied. Is this correct? > Looking into the javadoc of those methods and the implementation this seems to be the correct behavior. The message is rejected simply because the buffer on the session has more data than the concrete message handler can process: hence it is rejected as the message will be too big for processing. Implementation details can be found at org.apache.tomcat.websocket.WsFrameBase > > Note that for the BIO connector, this does not seem to work - there Tomcat > does not call the OnMessage method when such large message is received (and > I also was not able to receive partial messages), whereas for NIO it works. > IMHO this particular behavior shouldn't be influenced by NIO and BIO connectors. > > Regards, > Konstantin Preißer > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > >
