detect/engine: fix whitelisted port range check

So far, the condition for checking if the whitelisted port was in the
port range of "a" said

a->port >= w->port && a->port2 <= w->port

But, if a->port <= a->port2, this condition could only be true when
a->port == w->port == a->port2. However, the motivation for this fn was
to be able to find if the whitelisted port for a carrier proto already
was in the range of the given protocol and calculate a score for the
port accordingly.
Fix the range check such that a->port <= w->port <= a->port2.

diff --git a/src/detect-engine-build.c b/src/detect-engine-build.c
index e9711eddaba2920d9554e9fc2a0c7eb32ab180bc..676aa030cc30b68fe783a8d74aefab541fcf046a 100644 (file)
--- a/src/detect-engine-build.c
+++ b/src/detect-engine-build.c
@@ -1101,8 +1101,9 @@ static int PortIsWhitelisted(const DetectEngineCtx *de_ctx,
         w = de_ctx->udp_whitelist;
 
     while (w) {
-        if (a->port >= w->port && a->port2 <= w->port) {
-            SCLogDebug("port group %u:%u whitelisted -> %d", a->port, a->port2, w->port);
+        /* Make sure the whitelist port falls in the port range of a */
+        DEBUG_VALIDATE_BUG_ON(a->port > a->port2);
+        if (w->port >= a->port && w->port <= a->port2) {
             return 1;
         }
         w = w->next;