From 284b83b896112997564db5718eb93e0984c32a0a Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 3 May 2023 15:22:41 +0000
Subject: [PATCH] lib: ip: check range in 'nthInRange4'

---
 lib/ip.nix | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/lib/ip.nix b/lib/ip.nix
index 2af3fef..fcafd72 100644
--- a/lib/ip.nix
+++ b/lib/ip.nix
@@ -100,7 +100,7 @@ rec {
   # Pretty print a parsed subnet into a human readable form
   prettySubnet4 = { baseIp, cidr, ... }: "${prettyIp4 baseIp}/${toString cidr}";
 
-  # Get the nth address from an IPv4 range, without checking if it is in range
+  # Get the nth address from an IPv4 range
   nthInRange4 = { from, to }: n:
     let
       carry = lhs: { carry, acc }:
@@ -112,8 +112,15 @@ rec {
           acc = [ (mod totVal 256) ] ++ acc;
         };
       carried = foldr carry { carry = n; acc = [ ]; } from;
+      checkInRange =
+        if (to - from) < n
+        then
+          warn ''
+            nthInRange4: '${n}'-th address outside of range (${prettyIp4 from}, ${prettyIp4 to})
+          ''
+        else id;
     in
-    carried.acc;
+    checkInRange carried.acc;
 
   # Convert an IPv4 range into a list of all its constituent addresses
   rangeIp4 =