From: Victor Julien Date: Fri, 12 Jan 2024 07:03:06 +0000 (+0530) Subject: detect/engine: fix whitelisting check X-Git-Tag: suricata-8.0.0-beta1~1687 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fb9680bb7b17f6744c9f6f26abf4c902c83de8f3;p=thirdparty%2Fsuricata.git detect/engine: fix whitelisting check In the commit 4a00ae607, the whitelisting check was updated in a quest to make use of the conditional better but it made things worse as every range would be whitelisted as long as it had any of the default whitelisted port which is very common. --- diff --git a/src/detect-engine-build.c b/src/detect-engine-build.c index 605a568238..24ddc0af44 100644 --- a/src/detect-engine-build.c +++ b/src/detect-engine-build.c @@ -1076,7 +1076,7 @@ static int PortIsWhitelisted(const DetectEngineCtx *de_ctx, while (w) { /* Make sure the whitelist port falls in the port range of a */ DEBUG_VALIDATE_BUG_ON(a->port > a->port2); - if (w->port >= a->port && w->port <= a->port2) { + if (a->port == w->port && w->port2 == a->port2) { return 1; } w = w->next;
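Review bot: the comment directly above the changed condition in PortIsWhitelisted() is now stale. It still reads "Make sure the whitelist port falls in the port range of a", but the new test `a->port == w->port && w->port2 == a->port2` is an exact match on both bounds, not a containment check. Please update the comment to say that a range is whitelisted only when it is identical to the whitelist entry's range, so the next reader does not "fix" it back to the containment form that the commit message describes as the regression from 4a00ae607. Two smaller points on the same line: the operand order flips between the two comparisons (`a->port == w->port` then `w->port2 == a->port2`), and writing both as `a->... == w->...` would read more cleanly; and the `DEBUG_VALIDATE_BUG_ON(a->port > a->port2)` above validates only `a`, while the new condition also depends on `w->port2`, so a matching check on `w` would make the assumption explicit. Since this behaviour has now changed twice, a regression test with a range that contains a whitelisted port but is not equal to it would pin down the intended result.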