detect/engine: fix whitelisted port range check

So far, the condition for checking if the whitelisted port was in the
port range of "a" said

a->port >= w->port && a->port2 <= w->port

But, if a->port <= a->port2, this condition could only be true when
a->port == w->port == a->port2. However, the motivation for this fn was
to be able to find if the whitelisted port for a carrier proto already
was in the range of the given protocol and calculate a score for the
port accordingly.
Fix the range check such that a->port <= w->port <= a->port2.
pull/9964/head
Shivani Bhardwaj 3 years ago committed by Victor Julien
parent 2b73a17bb0
commit 4a00ae6076

@ -1101,8 +1101,9 @@ static int PortIsWhitelisted(const DetectEngineCtx *de_ctx,
w = de_ctx->udp_whitelist;
while (w) {
if (a->port >= w->port && a->port2 <= w->port) {
SCLogDebug("port group %u:%u whitelisted -> %d", a->port, a->port2, w->port);
/* Make sure the whitelist port falls in the port range of a */
DEBUG_VALIDATE_BUG_ON(a->port > a->port2);
if (w->port >= a->port && w->port <= a->port2) {
return 1;
}
w = w->next;
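Review bot: The check `DEBUG_VALIDATE_BUG_ON(a->port > a->port2);` sits inside `while (w)` but does not depend on `w`, so it is re-evaluated for every whitelist entry. Hoist it above the loop, next to `w = de_ctx->udp_whitelist;`, and move the comment with it. The `SCLogDebug("port group %u:%u whitelisted -> %d", ...)` line sits with the old condition and appears to go away with it. If the match trace is still useful, keep it inside the new `if (w->port >= a->port && w->port <= a->port2)` branch before `return 1;`. Only the `udp_whitelist` loop is visible in this hunk, so if the function has another whitelist loop with the same inverted comparison, it needs the same change.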
