From 5b1de57d732f1c938cd3b781059d79ca974f2e0c Mon Sep 17 00:00:00 2001
From: Eric Leblond <eric@regit.org>
Date: Tue, 10 Jan 2017 14:46:48 -0800
Subject: [PATCH] detect-parse: simplify port prefiltering

Regular expression was not matching some authorized setting like
"![1234, 1235]". This patch simplify the regexp to match on
possible character and let the port parsing code handle the
complete verification.
---
 src/detect-parse.c | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/src/detect-parse.c b/src/detect-parse.c
index 1af519b090..7307d974be 100644
--- a/src/detect-parse.c
+++ b/src/detect-parse.c
@@ -104,11 +104,7 @@ typedef struct SigDuplWrapper_ {
                            ")"
 
 /* if enclosed in [], spaces are allowed */
-#define CONFIG_PCRE_PORT   "(" \
-                            "[\\:A-z0-9_\\$\\!,]+"\
-                           "|"\
-                            "\\[[\\:A-z0-9_\\$\\!,\\s]+\\]"\
-                           ")"
+#define CONFIG_PCRE_PORT   "([\\[\\]\\:A-z0-9_\\$\\!,\\s]+)"
 
 /* format: action space(s) protocol spaces(s) src space(s) sp spaces(s) dir spaces(s) dst spaces(s) dp spaces(s) options */
 #define CONFIG_PCRE "^([A-z]+)\\s+([A-z0-9\\-]+)\\s+" \