From 43bf219a3c60f8880715a9f643218d532086c9d9 Mon Sep 17 00:00:00 2001
From: Joey Hess <joeyh@joeyh.name>
Date: Sat, 16 Jun 2018 20:26:36 -0400
Subject: [PATCH] added makeAddressMatcher

Would be nice to add CIDR notation to this, but this is the minimal
thing needed for the security fix.

This commit was sponsored by Ewen McNeill on Patreon.
---
 Utility/IPAddress.hs | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/Utility/IPAddress.hs b/Utility/IPAddress.hs
index d868639fdd..3a61dc34a7 100644
--- a/Utility/IPAddress.hs
+++ b/Utility/IPAddress.hs
@@ -69,3 +69,25 @@ embeddedIpv4 v = case v of
   where
 	toipv4 a b = htonl $ fromIntegral a * (2^halfipv4bits) + fromIntegral b
 	halfipv4bits = 16 :: Word32
+
+{- Given a string containing an IP address, make a function that will
+ - match that address in a SockAddr. Nothing when the address cannot be
+ - parsed.
+ -
+ - This does not involve any DNS lookups.
+ -}
+makeAddressMatcher :: String -> IO (Maybe (SockAddr -> Bool))
+makeAddressMatcher s = go
+	<$> catchDefaultIO [] (getAddrInfo (Just hints) (Just s) Nothing)
+  where
+	hints = defaultHints
+		{ addrSocketType = Stream
+		, addrFlags = [AI_NUMERICHOST]
+		}
+	
+	go [] = Nothing
+	go l = Just $ \sockaddr -> any (match sockaddr) (map addrAddress l)
+
+	match (SockAddrInet _ a) (SockAddrInet _ b) = a == b
+	match (SockAddrInet6 _ _ a _) (SockAddrInet6 _ _ b _) = a == b
+	match _ _ = False