Enforce data size limit when checking files for MIME matches.

The value of *bof_buffer_size* in the *fa_file* record was supposed to
always limit the amount of data used by the signature matching engine,
but some corner cases would cause matching to be performed on data
beyond that.
Jon Siwek 2014-04-21 16:43:33 -05:00
parent bc5c02cb74
commit 8126f06ffb
2 changed files with 5 additions and 4 deletions

@ -283,6 +283,7 @@ bool File::BufferBOF(const u_char* data, uint64 len)
bool File::DetectMIME(const u_char* data, uint64 len)
{
RuleMatcher::MIME_Matches matches;
len = min(len, LookupFieldDefaultCount(bof_buffer_size_idx));
file_mgr->DetectMIME(data, len, &matches);
if ( matches.empty() )
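Review bot: the `len = min(len, LookupFieldDefaultCount(bof_buffer_size_idx));` line in File::DetectMIME overwrites the caller's length with no comment saying why, and nothing visible here covers the case where bof_buffer_size is 0, which would hand file_mgr->DetectMIME a zero-length buffer. Please add a one-line comment stating that this clamp enforces the fa_file bof_buffer_size limit for signature matching, and either return early when the clamped length is 0 or confirm that the matcher treats a zero length as "no match". Since the commit message describes corner cases that matched on data past the limit, a regression test feeding more than bof_buffer_size bytes through this path would show that those cases are now bounded.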