3 files changed, 19 insertions, 36 deletions

diff --git a/Jenkinsfile b/Jenkinsfile
deleted file mode 100644
index 21a6829..0000000
--- a/Jenkinsfile
+++ /dev/null
@@ -1,23 +0,0 @@
-// Copyright (C) 2020-2021 VyOS maintainers and contributors
-//
-// This program is free software; you can redistribute it and/or modify
-// in order to easy exprort images built to "external" world
-// it under the terms of the GNU General Public License version 2 or later as
-// published by the Free Software Foundation.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with this program.  If not, see <http://www.gnu.org/licenses/>.
-@NonCPS
-
-// Using a version specifier library, use 'current' branch. The underscore (_)
-// is not a typo! You need this underscore if the line immediately after the
-// @Library annotation is not an import statement!
-@Library('vyos-build@current')_
-
-// Start package build using library function from https://github.com/vyos/vyos-build
-buildPackage(null, null, null, true)
diff --git a/src/ipaddrcheck_functions.c b/src/ipaddrcheck_functions.c
index 2d2dff3..034fd54 100644
--- a/src/ipaddrcheck_functions.c
+++ b/src/ipaddrcheck_functions.c
@@ -546,7 +546,10 @@ int is_ipv4_range(char* range_str, int prefix_length, int verbose)
            If the regex check succeeded, we know the hyphen is there. */
         split_range(range_str, left, right);
 
-        if( !is_ipv4_single(left) )
+        CIDR* left_addr = cidr_from_str(left);
+        CIDR* right_addr = cidr_from_str(right);
+
+        if( !(is_ipv4_single(left) && is_valid_address(left_addr)) )
         {
             if( verbose )
             {
@@ -554,7 +557,7 @@ int is_ipv4_range(char* range_str, int prefix_length, int verbose)
             }
             result = RESULT_FAILURE;
         }
-        else if( !is_ipv4_single(right) )
+        else if( !(is_ipv4_single(right) && is_valid_address(right_addr)) )
         {
             if( verbose )
             {
@@ -564,8 +567,6 @@ int is_ipv4_range(char* range_str, int prefix_length, int verbose)
         }
         else
         {
-            CIDR* left_addr = cidr_from_str(left);
-            CIDR* right_addr = cidr_from_str(right);
             struct in_addr* left_in_addr = cidr_to_inaddr(left_addr, NULL);
             struct in_addr* right_in_addr = cidr_to_inaddr(right_addr, NULL);
 
@@ -608,9 +609,9 @@ int is_ipv4_range(char* range_str, int prefix_length, int verbose)
                 result = RESULT_FAILURE;
             }
 
-            cidr_free(left_addr);
-            cidr_free(right_addr);
         }
+        cidr_free(left_addr);
+        cidr_free(right_addr);
     }
 
     return(result);
@@ -644,7 +645,11 @@ int is_ipv6_range(char* range_str, int prefix_length, int verbose)
            If the regex check succeeded, we know the hyphen is there. */
         split_range(range_str, left, right);
 
-        if( !is_ipv6_single(left) )
+        CIDR* left_addr = cidr_from_str(left);
+        CIDR* right_addr = cidr_from_str(right);
+
+        if( !(is_ipv6_single(left) &&
+              is_valid_address(left_addr) && !duplicate_double_colons(left)) )
         {
             if( verbose )
             {
@@ -652,7 +657,8 @@ int is_ipv6_range(char* range_str, int prefix_length, int verbose)
             }
             result = RESULT_FAILURE;
         }
-        else if( !is_ipv6_single(right) )
+        else if( !(is_ipv6_single(right) &&
+                   is_valid_address(right_addr) && !duplicate_double_colons(right)) )
         {
             if( verbose )
             {
@@ -662,8 +668,6 @@ int is_ipv6_range(char* range_str, int prefix_length, int verbose)
         }
         else
         {
-            CIDR* left_addr = cidr_from_str(left);
-            CIDR* right_addr = cidr_from_str(right);
             struct in6_addr* left_in6_addr = cidr_to_in6addr(left_addr, NULL);
             struct in6_addr* right_in6_addr = cidr_to_in6addr(right_addr, NULL);
 
@@ -705,10 +709,9 @@ int is_ipv6_range(char* range_str, int prefix_length, int verbose)
                 }
                 result = RESULT_FAILURE;
             }
-
-            cidr_free(left_addr);
-            cidr_free(right_addr);
         }
+        cidr_free(left_addr);
+        cidr_free(right_addr);
     }
 
     return(result);
diff --git a/tests/integration_tests.sh b/tests/integration_tests.sh
index 3a1e4ea..2c2c72b 100755
--- a/tests/integration_tests.sh
+++ b/tests/integration_tests.sh
@@ -56,6 +56,7 @@ ipv4_range_negative=(
     192.0.2.-192.0.2.100
     192.0.2.0-
     192.0.2.200-192.0.2.100
+    192.0.2.1-192.0.2.500
 )
 
 ipv6_range_positive=(
@@ -66,6 +67,8 @@ ipv6_range_negative=(
     2001:db8:xx-2001:db8::99
     2001:db:-
     2001:db8::99-2001:db8::1
+    2001::db8::1:1-2001::db8::1::10
+    2001:db8:pqrs::1-2001:db8:uvwx::100
 )
 
 ipv6_single_positive=(