From 8126f06ffb3402d380a80774a11f7df4b3f1b774 Mon Sep 17 00:00:00 2001
From: Jon Siwek
Date: Mon, 21 Apr 2014 16:43:33 -0500
Subject: [PATCH] Enforce data size limit when checking files for MIME matches.

The value of *bof_buffer_size* in the *fa_file* record was supposed to always limit the amount of data used by the signature matching engine, but some corner cases would cause matching to be performed on data beyond that.
---
 src/file_analysis/File.cc | 1 +
 .../doc.sphinx.mimestats/btest-doc.sphinx.mimestats#1 | 8 ++++----
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/file_analysis/File.cc b/src/file_analysis/File.cc
index e8a7ea15ee..2772b55418 100644
--- a/src/file_analysis/File.cc
+++ b/src/file_analysis/File.cc
@@ -283,6 +283,7 @@ bool File::BufferBOF(const u_char* data, uint64 len)
 bool File::DetectMIME(const u_char* data, uint64 len)
 {
 RuleMatcher::MIME_Matches matches;
+ len = min(len, LookupFieldDefaultCount(bof_buffer_size_idx));
 file_mgr->DetectMIME(data, len, &matches);
 if ( matches.empty() )
diff --git a/testing/btest/Baseline/doc.sphinx.mimestats/btest-doc.sphinx.mimestats#1 b/testing/btest/Baseline/doc.sphinx.mimestats/btest-doc.sphinx.mimestats#1
index 3cd6a49e11..3d6b9dffad 100644
--- a/testing/btest/Baseline/doc.sphinx.mimestats/btest-doc.sphinx.mimestats#1
+++ b/testing/btest/Baseline/doc.sphinx.mimestats/btest-doc.sphinx.mimestats#1
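Review bot: The added clamp in File::DetectMIME overwrites the `len` parameter in place and carries no comment, so any later use of `len` in the part of the body that lies outside this hunk would see the truncated size with no hint as to why. A named local with the reason stated reads more safely, e.g. `// Cap matcher input at bof_buffer_size, whatever the caller delivered.` followed by `const uint64 match_len = min(len, LookupFieldDefaultCount(bof_buffer_size_idx));`, with `match_len` passed to `file_mgr->DetectMIME`. The only test evidence in this commit is the mimestats doc baseline, where one hit and 5735 bytes move from text/html to text/plain; a dedicated btest that hands the matcher more data than bof_buffer_size would pin the limit itself rather than a side effect on classification.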
@@ -16,15 +16,15 @@ #empty_field (empty) #unset_field - #path mime_metrics - #open 2014-03-06-17-30-44 + #open 2014-04-21-21-34-08 #fields ts ts_delta mtype uniq_hosts hits bytes #types time interval string count count count - 1389719059.311698 300.000000 text/html 1 4 53070 + 1389719059.311698 300.000000 text/html 1 3 47335 1389719059.311698 300.000000 image/jpeg 1 1 186859 1389719059.311698 300.000000 application/pgp-signature 1 1 836 - 1389719059.311698 300.000000 text/plain 1 12 113982 + 1389719059.311698 300.000000 text/plain 1 13 119717 1389719059.311698 300.000000 image/gif 1 1 172 1389719059.311698 300.000000 image/png 1 9 82176 1389719059.311698 300.000000 image/x-icon 1 2 2300 - #close 2014-03-06-17-30-44 + #close 2014-04-21-21-34-08