detect/port: handle range and upper boundary ports

So far, if a port was found to be single which was earlier a part of the
range, port + 1 was added to the list to honor the range that it was a
part of. But, this is incorrect in case the port is 65535 or if the port
was found to be of range when it was earlier a single port.

Bug 6896

(cherry picked from commit 4227e52c4b3a5118f42675e0fae28178c026d7fd)

diff --git a/src/detect-engine-build.c b/src/detect-engine-build.c
index 4970a7ee7b440b414e79f2a630a73caf883b3bb2..ea4775807b9ff34731261c46b9f0695b3c833c1b 100644 (file)
--- a/src/detect-engine-build.c
+++ b/src/detect-engine-build.c
@@ -1371,11 +1371,12 @@ static inline uint32_t SetUniquePortPoints(
             unique_list[p->port] = RANGE_PORT;
         }
         size_list++;
-    } else if ((unique_list[p->port] == SINGLE_PORT) && (p->port != p->port2)) {
-        if (unique_list[p->port + 1] == UNDEFINED_PORT) {
+    } else if (((unique_list[p->port] == SINGLE_PORT) && (p->port != p->port2)) ||
+               ((unique_list[p->port] == RANGE_PORT) && (p->port == p->port2))) {
+        if ((p->port != UINT16_MAX) && (unique_list[p->port + 1] == UNDEFINED_PORT)) {
+            unique_list[p->port + 1] = RANGE_PORT;
             size_list++;
         }
-        unique_list[p->port + 1] = RANGE_PORT;
     }
 
     /* Treat right boundary as single point to avoid creating unneeded