Note that read() returns "-1" when you're at end-of-file. This line
received += is.read(buffer, 0, buffer.length);
is a big mistake, as it uses the return value of read without checking first for the "-1". If anything goes wrong during the transmission, this line is going to bite you.
If you look at your code, you can see that if when you get to end of file prematurely -- if the connection is dropped, or if the value of 'size' is, for some reason, incorrect -- you'll end up calling "write" with -1 as the third argument. Since -1 also looks like a large positive number (2^31), you'll proceed to call write with this large argument over and over until the disk fills up.