From: Shivani Bhardwaj Date: Thu, 16 Nov 2023 08:18:06 +0000 (+0530) Subject: detect/engine: fix whitelisted port range check X-Git-Tag: suricata-8.0.0-beta1~1986 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4a00ae607;p=thirdparty%2Fsuricata.git detect/engine: fix whitelisted port range check So far, the condition for checking if the whitelisted port was in the port range of "a" said a->port >= w->port && a->port2 <= w->port But, if a->port <= a->port2, this condition could only be true when a->port == w->port == a->port2. However, the motivation for this fn was to be able to find if the whitelisted port for a carrier proto already was in the range of the given protocol and calculate a score for the port accordingly. Fix the range check such that a->port <= w->port <= a->port2. --- diff --git a/src/detect-engine-build.c b/src/detect-engine-build.c index e9711eddab..676aa030cc 100644 --- a/src/detect-engine-build.c +++ b/src/detect-engine-build.c @@ -1101,8 +1101,9 @@ static int PortIsWhitelisted(const DetectEngineCtx *de_ctx, w = de_ctx->udp_whitelist; while (w) { - if (a->port >= w->port && a->port2 <= w->port) { - SCLogDebug("port group %u:%u whitelisted -> %d", a->port, a->port2, w->port); + /* Make sure the whitelist port falls in the port range of a */ + DEBUG_VALIDATE_BUG_ON(a->port > a->port2); + if (w->port >= a->port && w->port <= a->port2) { return 1; } w = w->next;
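Review bot: the SCLogDebug call in the matching branch is removed together with the old condition, so a whitelist hit in PortIsWhitelisted no longer produces any debug output; keep the log under the corrected test, e.g. `if (w->port >= a->port && w->port <= a->port2) { SCLogDebug("port group %u:%u whitelisted -> %u", a->port, a->port2, w->port); return 1; }` (the old format string also used %d for the port values, which the unsigned %u of the first two arguments suggests is the better choice). Also note that DEBUG_VALIDATE_BUG_ON(a->port > a->port2) is compiled out in release builds, so an inverted port range would not be reported there; it would simply never match, which is acceptable only if the port-group builder guarantees a->port <= a->port2. The hunk only touches the loop over de_ctx->udp_whitelist; if the same function walks the TCP whitelist with the same comparison, that loop needs the identical fix.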