From 4a00ae6076df94a5096e467ec85896c9d34c6488 Mon Sep 17 00:00:00 2001
From: Shivani Bhardwaj
Date: Thu, 16 Nov 2023 13:48:06 +0530
Subject: [PATCH] detect/engine: fix whitelisted port range check

So far, the condition for checking if the whitelisted port was in the port range of "a" said a->port >= w->port && a->port2 <= w->port But, if a->port <= a->port2, this condition could only be true when a->port == w->port == a->port2. However, the motivation for this fn was to be able to find if the whitelisted port for a carrier proto already was in the range of the given protocol and calculate a score for the port accordingly. Fix the range check such that a->port <= w->port <= a->port2.
---
 src/detect-engine-build.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/detect-engine-build.c b/src/detect-engine-build.c
index e9711eddab..676aa030cc 100644
--- a/src/detect-engine-build.c
+++ b/src/detect-engine-build.c
@@ -1101,8 +1101,9 @@ static int PortIsWhitelisted(const DetectEngineCtx *de_ctx,
         w = de_ctx->udp_whitelist;
 
     while (w) {
-        if (a->port >= w->port && a->port2 <= w->port) {
-            SCLogDebug("port group %u:%u whitelisted -> %d", a->port, a->port2, w->port);
+        /* Make sure the whitelist port falls in the port range of a */
+        DEBUG_VALIDATE_BUG_ON(a->port > a->port2);
+        if (w->port >= a->port && w->port <= a->port2) {
             return 1;
         }
         w = w->next;
-- 
2.47.2
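Review bot: The rewritten `if` drops the `SCLogDebug` trace that reported which whitelist port matched a port group, so a debug build no longer shows why a group was scored as whitelisted; consider keeping it inside the new branch as `SCLogDebug("port group %u:%u whitelisted -> %d", a->port, a->port2, w->port);`. The added `DEBUG_VALIDATE_BUG_ON(a->port > a->port2)` is, as far as I know, compiled out unless debug validation is enabled, so in a release build an inverted range presumably makes the new comparison false for every whitelist entry and the group is silently treated as not whitelisted; that looks acceptable for a grouping heuristic, but it is worth stating in the comment above the check so the fallback is deliberate rather than accidental. PortIsWhitelisted begins before this hunk and the `while` loop closes after it.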