Enforce data size limit when checking files for MIME matches.

The value of *bof_buffer_size* in the *fa_file* record was supposed to always limit the amount of data used by the signature matching engine, but some corner cases would cause matching to be performed on data beyond that.
2025-10-06 16:48:19 +00:00 · 2014-04-21 16:43:33 -05:00 · 2014-04-21 16:43:33 -05:00 · 8126f06ffb
commit 8126f06ffb
parent bc5c02cb74
2 changed files with 5 additions and 4 deletions
--- a/src/file_analysis/File.cc
+++ b/src/file_analysis/File.cc
@ -283,6 +283,7 @@ bool File::BufferBOF(const u_char* data, uint64 len)
 bool File::DetectMIME(const u_char* data, uint64 len)
 	{
 	RuleMatcher::MIME_Matches matches;
+	len = min(len, LookupFieldDefaultCount(bof_buffer_size_idx));
 	file_mgr->DetectMIME(data, len, &matches);

 	if ( matches.empty() )
--- a/testing/btest/Baseline/doc.sphinx.mimestats/btest-doc.sphinx.mimestats#1
+++ b/testing/btest/Baseline/doc.sphinx.mimestats/btest-doc.sphinx.mimestats#1
@ -16,15 +16,15 @@
      #empty_field	(empty)
      #unset_field	-
      #path	mime_metrics
-      #open	2014-03-06-17-30-44
+      #open	2014-04-21-21-34-08
      #fields	ts	ts_delta	mtype	uniq_hosts	hits	bytes
      #types	time	interval	string	count	count	count
-      1389719059.311698	300.000000	text/html	1	4	53070
+      1389719059.311698	300.000000	text/html	1	3	47335
      1389719059.311698	300.000000	image/jpeg	1	1	186859
      1389719059.311698	300.000000	application/pgp-signature	1	1	836
-      1389719059.311698	300.000000	text/plain	1	12	113982
+      1389719059.311698	300.000000	text/plain	1	13	119717
      1389719059.311698	300.000000	image/gif	1	1	172
      1389719059.311698	300.000000	image/png	1	9	82176
      1389719059.311698	300.000000	image/x-icon	1	2	2300
-      #close	2014-03-06-17-30-44
+      #close	2014-04-21-21-34-08