From: Shivani Bhardwaj <shivani@oisf.net>
Date: Mon, 25 Mar 2024 13:38:31 +0000 (+0530)
Subject: detect/port: handle range and upper boundary ports
X-Git-Tag: suricata-8.0.0-beta1~1587
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4227e52c4b3a5118f42675e0fae28178c026d7fd;p=thirdparty%2Fsuricata.git

detect/port: handle range and upper boundary ports

So far, if a port was found to be single which was earlier a part of the
range, port + 1 was added to the list to honor the range that it was a
part of. But, this is incorrect in case the port is 65535 or if the port
was found to be of range when it was earlier a single port.

Bug 6896
---

diff --git a/src/detect-engine-build.c b/src/detect-engine-build.c
index 715c537b37..3f3f96a32c 100644
--- a/src/detect-engine-build.c
+++ b/src/detect-engine-build.c
@@ -1343,11 +1343,12 @@ static inline uint32_t SetUniquePortPoints(
             unique_list[p->port] = RANGE_PORT;
         }
         size_list++;
-    } else if ((unique_list[p->port] == SINGLE_PORT) && (p->port != p->port2)) {
-        if (unique_list[p->port + 1] == UNDEFINED_PORT) {
+    } else if (((unique_list[p->port] == SINGLE_PORT) && (p->port != p->port2)) ||
+               ((unique_list[p->port] == RANGE_PORT) && (p->port == p->port2))) {
+        if ((p->port != UINT16_MAX) && (unique_list[p->port + 1] == UNDEFINED_PORT)) {
+            unique_list[p->port + 1] = RANGE_PORT;
             size_list++;
         }
-        unique_list[p->port + 1] = RANGE_PORT;
     }
 
     /* Treat right boundary as single point to avoid creating unneeded