detect/port: handle single port that is range too

If a port point is single but later on also a part of a range, it ends up only creating the port groups for single points and not the range. Fix it by adding the port next to current single one to unique points and marking it a range port. Bug 6843
inashivb · Mar 9, 2024 · 632ca75 · 632ca75
1 parent 3aa313d
commit 632ca75
Showing 1 changed file with 8 additions and 2 deletions.
diff --git a/src/detect-engine-build.c b/src/detect-engine-build.c
@@ -1312,6 +1312,7 @@ static int CreateGroupedPortList(DetectEngineCtx *de_ctx, DetectPort *port_list,
     return -1;
 }
 
+#define UNDEFINED_PORT 0
 #define RANGE_PORT  1
 #define SINGLE_PORT 2
 
@@ -1335,18 +1336,23 @@ typedef struct UniquePortPoint_ {
 static inline uint32_t SetUniquePortPoints(
         const DetectPort *p, uint8_t *unique_list, uint32_t size_list)
 {
-    if (unique_list[p->port] == 0) {
+    if (unique_list[p->port] == UNDEFINED_PORT) {
         if (p->port == p->port2) {
             unique_list[p->port] = SINGLE_PORT;
         } else {
             unique_list[p->port] = RANGE_PORT;
         }
         size_list++;
+    } else if ((unique_list[p->port] == SINGLE_PORT) && (p->port != p->port2)) {
+        if (unique_list[p->port + 1] == UNDEFINED_PORT) {
+            size_list++;
+        }
+        unique_list[p->port + 1] = RANGE_PORT;
     }
 
     /* Treat right boundary as single point to avoid creating unneeded
      * ranges later on */
-    if (unique_list[p->port2] == 0) {
+    if (unique_list[p->port2] == UNDEFINED_PORT) {
         size_list++;
     }
     unique_list[p->port2] = SINGLE_PORT;