From: Shivani Bhardwaj <shivani@oisf.net>
Date: Sat, 9 Mar 2024 04:21:57 +0000 (+0530)
Subject: detect/port: handle single port that is range too
X-Git-Tag: suricata-8.0.0-beta1~1662
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F10608%2Fhead;p=thirdparty%2Fsuricata.git

detect/port: handle single port that is range too

If a port point is single but later on also a part of a range, it ends
up only creating the port groups for single points and not the range.
Fix it by adding the port next to current single one to unique points
and marking it a range port.

Bug 6843
---

diff --git a/src/detect-engine-build.c b/src/detect-engine-build.c
index 67fb740531..acbc9fc82d 100644
--- a/src/detect-engine-build.c
+++ b/src/detect-engine-build.c
@@ -1312,6 +1312,7 @@ error:
     return -1;
 }
 
+#define UNDEFINED_PORT 0
 #define RANGE_PORT  1
 #define SINGLE_PORT 2
 
@@ -1335,18 +1336,23 @@ typedef struct UniquePortPoint_ {
 static inline uint32_t SetUniquePortPoints(
         const DetectPort *p, uint8_t *unique_list, uint32_t size_list)
 {
-    if (unique_list[p->port] == 0) {
+    if (unique_list[p->port] == UNDEFINED_PORT) {
         if (p->port == p->port2) {
             unique_list[p->port] = SINGLE_PORT;
         } else {
             unique_list[p->port] = RANGE_PORT;
         }
         size_list++;
+    } else if ((unique_list[p->port] == SINGLE_PORT) && (p->port != p->port2)) {
+        if (unique_list[p->port + 1] == UNDEFINED_PORT) {
+            size_list++;
+        }
+        unique_list[p->port + 1] = RANGE_PORT;
     }
 
     /* Treat right boundary as single point to avoid creating unneeded
      * ranges later on */
-    if (unique_list[p->port2] == 0) {
+    if (unique_list[p->port2] == UNDEFINED_PORT) {
         size_list++;
     }
     unique_list[p->port2] = SINGLE_PORT;