detect/port: fix grouping of ports w gaps

If a single port happens before a range port, the port groups created were incorrect. Fix it to use smarter range check. For example, given, 80:80 - SGH1 100:120 - SGH2 Range created should be 80:80 - SGH1 100:120 - SGH2 Bug 6881
12 months ago · 7d937db5cb
parent 0be3ba802e
commit 7d937db5cb
1 changed files with 7 additions and 1 deletions
--- a/src/detect-engine-build.c
+++ b/src/detect-engine-build.c
@ -1425,7 +1425,13 @@ static inline int CreatePortList(DetectEngineCtx *de_ctx, const uint8_t *unique_
                port = port2 + 1;
            } else if (p1 && p1->single) {
                SCPortIntervalFindOverlappingRanges(de_ctx, port, port, &it->tree, list);
-                port = port + 1;
+                if ((port2 > port + 1)) {
+                    SCPortIntervalFindOverlappingRanges(
+                            de_ctx, port + 1, port2 - 1, &it->tree, list);
+                    port = port2;
+                } else {
+                    port = port + 1;
+                }
            } else if (p2->single) {
                /* If port2 is boundary and less or equal to port + 1, create a range
                 * keeping the boundary away as it is single port */