smb/dce_opnum: move range if to outer context

The smb dce_opnum matches all the opnums that are higher that the
indicated opnum. This is due the range comparison if was put in the
exact comparison context, and in case the opnum doesn't match exactly,
then the range comparison is triggered (the upper limit is always true).

Move the erroneus if to the outer context, as else option of the block
checks if comparison should be exact or range.

Ticket: 4767
(cherry picked from commit 333db3b3852899885f1c2a251b4643b124e3cb18)

diff --git a/rust/src/smb/detect.rs b/rust/src/smb/detect.rs
index a9a003428d5495a863aea76382ecdb0398b94e05..2e30484051c460dcec28db03c75261b847504368 100644 (file)
--- a/rust/src/smb/detect.rs
+++ b/rust/src/smb/detect.rs
@@ -123,9 +123,9 @@ pub extern "C" fn rs_smb_tx_match_dce_opnum(tx: &mut SMBTransaction,
                     if range.range2 == DETECT_DCE_OPNUM_RANGE_UNINITIALIZED {
                         if range.range1 == x.opnum as u32 {
                             return 1;
-                        } else if range.range1 <= x.opnum as u32 && range.range2 >= x.opnum as u32 {
-                            return 1;
                         }
+                    } else if range.range1 <= x.opnum as u32 && range.range2 >= x.opnum as u32 {
+                        return 1;
                     }
                 }
             }