smb/dce_opnum: move range if to outer context

The smb dce_opnum matches all the opnums that are higher that the
indicated opnum. This is due the range comparison if was put in the
exact comparison context, and in case the opnum doesn't match exactly,
then the range comparison is triggered (the upper limit is always true).

Move the erroneus if to the outer context, as else option of the block
checks if comparison should be exact or range.

Ticket: 4767

diff --git a/rust/src/smb/detect.rs b/rust/src/smb/detect.rs
index 6072e1131b621572933e0291c59ba462f2ce5941..1c77d74608479e60aeea2316b6212b1f6c632290 100644 (file)
--- a/rust/src/smb/detect.rs
+++ b/rust/src/smb/detect.rs
@@ -111,9 +111,9 @@ pub extern "C" fn rs_smb_tx_match_dce_opnum(tx: &mut SMBTransaction,
                     if range.range2 == DETECT_DCE_OPNUM_RANGE_UNINITIALIZED {
                         if range.range1 == x.opnum as u32 {
                             return 1;
-                        } else if range.range1 <= x.opnum as u32 && range.range2 >= x.opnum as u32 {
-                            return 1;
                         }
+                    } else if range.range1 <= x.opnum as u32 && range.range2 >= x.opnum as u32 {
+                        return 1;
                     }
                 }
             }