evaluate: optimize zero length range

commit deda274293f80f9718de4cbb416bd2b2bf296709 upstream.

A rule like the following:

  ... tcp dport 22-22 ...

results in a range expression to match from 22 to 22.

Simplify to singleton value so a cmp is used instead.

This optimization already exists in set elements which might explain
this overlook.

Fixes: 7a6e16040d65 ("evaluate: allow for zero length ranges")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/evaluate.c b/src/evaluate.c
index 1578d440a767641dbbd3da7c569e9a24dfc5a83f..4a4ccc1f3f74ae608e306f17db4dc0db2ebb6813 100644 (file)
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1204,12 +1204,12 @@ static int __expr_evaluate_range(struct eval_ctx *ctx, struct expr **expr)
        return 0;
 }
 
-static int expr_evaluate_range(struct eval_ctx *ctx, struct expr **expr)
+static int expr_evaluate_range(struct eval_ctx *ctx, struct expr **exprp)
 {
-       struct expr *range = *expr, *left, *right;
+       struct expr *range = *exprp, *left, *right;
        int rc;
 
-       rc = __expr_evaluate_range(ctx, expr);
+       rc = __expr_evaluate_range(ctx, exprp);
        if (rc)
                return rc;
 
@@ -1219,6 +1219,12 @@ static int expr_evaluate_range(struct eval_ctx *ctx, struct expr **expr)
        if (mpz_cmp(left->value, right->value) > 0)
                return expr_error(ctx->msgs, range, "Range negative size");
 
+       if (mpz_cmp(left->value, right->value) == 0) {
+               *exprp = expr_get(left);
+               expr_free(range);
+               return 0;
+       }
+
        datatype_set(range, left->dtype);
        range->flags |= EXPR_F_CONSTANT;
        return 0;