detect/port: handle single port that is range too

If a port point is single but later on also a part of a range, it ends
up only creating the port groups for single points and not the range.
Fix it by adding the port next to current single one to unique points
and marking it a range port.

Bug 6843

(cherry picked from commit 632ca75dd3f49bee865f047cc5336870f3a431d2)

diff --git a/src/detect-engine-build.c b/src/detect-engine-build.c
index c0622885dbb95e32c8f2cdf90f37880aa43944d8..ecd2ef65ca9c20d7ec6b24dda1297687d6f65027 100644 (file)
--- a/src/detect-engine-build.c
+++ b/src/detect-engine-build.c
@@ -1340,6 +1340,7 @@ error:
     return -1;
 }
 
+#define UNDEFINED_PORT 0
 #define RANGE_PORT  1
 #define SINGLE_PORT 2
 
@@ -1363,18 +1364,23 @@ typedef struct UniquePortPoint_ {
 static inline uint32_t SetUniquePortPoints(
         const DetectPort *p, uint8_t *unique_list, uint32_t size_list)
 {
-    if (unique_list[p->port] == 0) {
+    if (unique_list[p->port] == UNDEFINED_PORT) {
         if (p->port == p->port2) {
             unique_list[p->port] = SINGLE_PORT;
         } else {
             unique_list[p->port] = RANGE_PORT;
         }
         size_list++;
+    } else if ((unique_list[p->port] == SINGLE_PORT) && (p->port != p->port2)) {
+        if (unique_list[p->port + 1] == UNDEFINED_PORT) {
+            size_list++;
+        }
+        unique_list[p->port + 1] = RANGE_PORT;
     }
 
     /* Treat right boundary as single point to avoid creating unneeded
      * ranges later on */
-    if (unique_list[p->port2] == 0) {
+    if (unique_list[p->port2] == UNDEFINED_PORT) {
         size_list++;
     }
     unique_list[p->port2] = SINGLE_PORT;