detect/port: handle range and upper boundary ports

So far, if a port was found to be single which was earlier a part of the range, port + 1 was added to the list to honor the range that it was a part of. But, this is incorrect in case the port is 65535 or if the port was found to be of range when it was earlier a single port. Bug 6896
mmaatuq · Mar 25, 2024 · 4227e52 · 4227e52
1 parent 02b019d
commit 4227e52
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/src/detect-engine-build.c b/src/detect-engine-build.c
@@ -1343,11 +1343,12 @@ static inline uint32_t SetUniquePortPoints(
             unique_list[p->port] = RANGE_PORT;
         }
         size_list++;
-    } else if ((unique_list[p->port] == SINGLE_PORT) && (p->port != p->port2)) {
-        if (unique_list[p->port + 1] == UNDEFINED_PORT) {
+    } else if (((unique_list[p->port] == SINGLE_PORT) && (p->port != p->port2)) ||
+               ((unique_list[p->port] == RANGE_PORT) && (p->port == p->port2))) {
+        if ((p->port != UINT16_MAX) && (unique_list[p->port + 1] == UNDEFINED_PORT)) {
+            unique_list[p->port + 1] = RANGE_PORT;
             size_list++;
         }
-        unique_list[p->port + 1] = RANGE_PORT;
     }
 
     /* Treat right boundary as single point to avoid creating unneeded