From 3850992c239965403931a2839ef13db9c54aad96 Mon Sep 17 00:00:00 2001 From: Shivani Bhardwaj Date: Mon, 25 Mar 2024 19:08:31 +0530 Subject: [PATCH] detect/port: handle range and upper boundary ports So far, if a port was found to be single which was earlier a part of the range, port + 1 was added to the list to honor the range that it was a part of. But, this is incorrect in case the port is 65535 or if the port was found to be of range when it was earlier a single port. Bug 6896 (cherry picked from commit 4227e52c4b3a5118f42675e0fae28178c026d7fd) --- src/detect-engine-build.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/detect-engine-build.c b/src/detect-engine-build.c index 4970a7ee7b..ea4775807b 100644 --- a/src/detect-engine-build.c +++ b/src/detect-engine-build.c @@ -1371,11 +1371,12 @@ static inline uint32_t SetUniquePortPoints( unique_list[p->port] = RANGE_PORT; } size_list++; - } else if ((unique_list[p->port] == SINGLE_PORT) && (p->port != p->port2)) { - if (unique_list[p->port + 1] == UNDEFINED_PORT) { + } else if (((unique_list[p->port] == SINGLE_PORT) && (p->port != p->port2)) || + ((unique_list[p->port] == RANGE_PORT) && (p->port == p->port2))) { + if ((p->port != UINT16_MAX) && (unique_list[p->port + 1] == UNDEFINED_PORT)) { + unique_list[p->port + 1] = RANGE_PORT; size_list++; } - unique_list[p->port + 1] = RANGE_PORT; } /* Treat right boundary as single point to avoid creating unneeded -- 2.47.2