A rule like the following: ... tcp dport 22-22 ... results in a range expression to match from 22 to 22. Simplify to singleton value so a cmp is used instead. This optimization already exists in set elements which might explain this overlook.
Fixes: 7a6e16040d65 ("evaluate: allow for zero length ranges")
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
 src/evaluate.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/src/evaluate.c b/src/evaluate.c
index ddc46754fc67..ee66b93d7c23 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1305,12 +1305,12 @@ static int __expr_evaluate_range(struct eval_ctx *ctx, struct expr **expr)
 return 0;
 }
-static int expr_evaluate_range(struct eval_ctx *ctx, struct expr **expr)
+static int expr_evaluate_range(struct eval_ctx *ctx, struct expr **exprp)
 {
- struct expr *range = *expr, *left, *right;
+ struct expr *range = *exprp, *left, *right;
 int rc;
- rc = __expr_evaluate_range(ctx, expr);
+ rc = __expr_evaluate_range(ctx, exprp);
 if (rc) return rc;
@@ -1320,6 +1320,12 @@ static int expr_evaluate_range(struct eval_ctx *ctx, struct expr **expr)
 if (mpz_cmp(left->value, right->value) > 0) return expr_error(ctx->msgs, range, "Range negative size");
+ if (mpz_cmp(left->value, right->value) == 0) {
+ *exprp = expr_get(left);
+ expr_free(range);
+ return 0;
+ }
+
 datatype_set(range, left->dtype);
 range->flags |= EXPR_F_CONSTANT;
 return 0;
--
2.30.2
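Review bot: The singleton branch added in the second hunk frees `range` and swaps `*exprp` for `left`, so a caller that kept the old range pointer across the call, or that assumes `*exprp` is still a range expression afterwards, would touch freed memory or the wrong expression type; no callers are visible in this patch, so each call site needs checking. The order `expr_get(left)` before `expr_free(range)` is what keeps `left` alive and deserves a comment, for example `/* a-a is a single value: take our own reference on left before freeing range drops the range's, then hand the value back through *exprp */`. This path also returns before `datatype_set()` and the `EXPR_F_CONSTANT` flag are applied, which presumably relies on `left` already carrying both after `__expr_evaluate_range()`; that is not shown here. The function starts in the first hunk and its closing brace lies outside the second.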