This week's giveaway is in the EJB and other Java EE Technologies forum. We're giving away four copies of EJB 3 in Action and have Debu Panda, Reza Rahman, Ryan Cuprak, and Michael Remijan on-line! See this thread for details.
Note that read() returns "-1" when you're at end-of-file. This line
received += is.read(buffer, 0, buffer.length);
is a big mistake, as it uses the return value of read without checking first for the "-1". If anything goes wrong during the transmission, this line is going to bite you.
If you look at your code, you can see that if when you get to end of file prematurely -- if the connection is dropped, or if the value of 'size' is, for some reason, incorrect -- you'll end up calling "write" with -1 as the third argument. Since -1 also looks like a large positive number (2^31), you'll proceed to call write with this large argument over and over until the disk fills up.