4 files changed, 44 insertions, 30 deletions

diff --git a/toxcore/DHT.c b/toxcore/DHT.c
index 50bddbd6..94168a69 100644
--- a/toxcore/DHT.c
+++ b/toxcore/DHT.c
@@ -543,7 +543,10 @@ static int sendnodes(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_t *cl
                             sizeof(ping_id) + num_nodes * sizeof(Node_format),
                             encrypt );
 
-    if (len != sizeof(ping_id) + num_nodes * sizeof(Node_format) + ENCRYPTION_PADDING)
+    if (len == -1)
+        return -1;
+
+    if ((uint32_t)len != sizeof(ping_id) + num_nodes * sizeof(Node_format) + ENCRYPTION_PADDING)
         return -1;
 
     data[0] = NET_PACKET_SEND_NODES;
@@ -609,7 +612,10 @@ static int handle_sendnodes(void *object, IP_Port source, uint8_t *packet, uint3
                   packet + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES,
                   sizeof(ping_id) + num_nodes * sizeof(Node_format) + ENCRYPTION_PADDING, plain );
 
-    if (len != sizeof(ping_id) + num_nodes * sizeof(Node_format))
+    if (len == -1)
+        return -1;
+
+    if ((uint32_t)len != sizeof(ping_id) + num_nodes * sizeof(Node_format))
         return 1;
 
     memcpy(&ping_id, plain, sizeof(ping_id));
@@ -877,7 +883,8 @@ int route_tofriend(DHT *dht, uint8_t *friend_id, uint8_t *packet, uint32_t lengt
 
         /* If ip is not zero and node is good */
         if (client->ret_ip_port.ip.uint32 != 0 && !is_timeout(temp_time, client->ret_timestamp, BAD_NODE_TIMEOUT)) {
-            if (sendpacket(dht->c->lossless_udp->net->sock, client->ip_port, packet, length) == length)
+                        int retval = sendpacket(dht->c->lossless_udp->net->sock, client->ip_port, packet, length);
+            if (retval != -1 && (uint32_t)retval == length)
                 ++sent;
         }
     }
@@ -916,7 +923,8 @@ static int routeone_tofriend(DHT *dht, uint8_t *friend_id, uint8_t *packet, uint
     if (n < 1)
         return 0;
 
-    if (sendpacket(dht->c->lossless_udp->net->sock, ip_list[rand() % n], packet, length) == length)
+    int retval = sendpacket(dht->c->lossless_udp->net->sock, ip_list[rand() % n], packet, length);
+    if (retval != -1 && (uint32_t)retval == length)
         return 1;
 
     return 0;
diff --git a/toxcore/Lossless_UDP.c b/toxcore/Lossless_UDP.c
index 270b4b35..f7b9d4b6 100644
--- a/toxcore/Lossless_UDP.c
+++ b/toxcore/Lossless_UDP.c
@@ -226,7 +226,7 @@ static void free_connections(Lossless_UDP *ludp)
  */
 int kill_connection(Lossless_UDP *ludp, int connection_id)
 {
-    if (connection_id >= 0 && connection_id < ludp->connections.len) {
+    if (connection_id >= 0 && (uint32_t)connection_id < ludp->connections.len) {
         Connection *connection = &tox_array_get(&ludp->connections, connection_id, Connection);
 
         if (connection->status > 0) {
@@ -248,7 +248,7 @@ int kill_connection(Lossless_UDP *ludp, int connection_id)
  */
 int kill_connection_in(Lossless_UDP *ludp, int connection_id, uint32_t seconds)
 {
-    if (connection_id >= 0 && connection_id < ludp->connections.len) {
+    if (connection_id >= 0 && (uint32_t)connection_id < ludp->connections.len) {
         Connection *connection = &tox_array_get(&ludp->connections, connection_id, Connection);
 
         if (connection->status > 0) {
@@ -270,7 +270,7 @@ int kill_connection_in(Lossless_UDP *ludp, int connection_id, uint32_t seconds)
  */
 int is_connected(Lossless_UDP *ludp, int connection_id)
 {
-    if (connection_id >= 0 && connection_id < ludp->connections.len)
+    if (connection_id >= 0 && (uint32_t)connection_id < ludp->connections.len)
         return tox_array_get(&ludp->connections, connection_id, Connection).status;
 
     return 0;
@@ -279,7 +279,7 @@ int is_connected(Lossless_UDP *ludp, int connection_id)
 /* return the ip_port of the corresponding connection. */
 IP_Port connection_ip(Lossless_UDP *ludp, int connection_id)
 {
-    if (connection_id >= 0 && connection_id < ludp->connections.len)
+    if (connection_id >= 0 && (uint32_t)connection_id < ludp->connections.len)
         return tox_array_get(&ludp->connections, connection_id, Connection).ip_port;
 
     IP_Port zero = {{{{0}}, 0, 0}};
@@ -289,7 +289,7 @@ IP_Port connection_ip(Lossless_UDP *ludp, int connection_id)
 /* returns the number of packets in the queue waiting to be successfully sent. */
 uint32_t sendqueue(Lossless_UDP *ludp, int connection_id)
 {
-    if (connection_id < 0 || connection_id >= ludp->connections.len)
+    if (connection_id < 0 || (uint32_t)connection_id >= ludp->connections.len)
         return 0;
 
     Connection *connection = &tox_array_get(&ludp->connections, connection_id, Connection);
@@ -299,7 +299,7 @@ uint32_t sendqueue(Lossless_UDP *ludp, int connection_id)
 /* returns the number of packets in the queue waiting to be successfully read with read_packet(...). */
 uint32_t recvqueue(Lossless_UDP *ludp, int connection_id)
 {
-    if (connection_id < 0 || connection_id >= ludp->connections.len)
+    if (connection_id < 0 || (uint32_t)connection_id >= ludp->connections.len)
         return 0;
 
     Connection *connection = &tox_array_get(&ludp->connections, connection_id, Connection);
@@ -311,7 +311,7 @@ uint32_t recvqueue(Lossless_UDP *ludp, int connection_id)
  */
 char id_packet(Lossless_UDP *ludp, int connection_id)
 {
-    if (connection_id < 0 || connection_id >= ludp->connections.len || recvqueue(ludp, connection_id) == 0)
+    if (connection_id < 0 || (uint32_t)connection_id >= ludp->connections.len || recvqueue(ludp, connection_id) == 0)
         return -1;
 
     Connection *connection = &tox_array_get(&ludp->connections, connection_id, Connection);
diff --git a/toxcore/Messenger.c b/toxcore/Messenger.c
index 70623611..33c37b06 100644
--- a/toxcore/Messenger.c
+++ b/toxcore/Messenger.c
@@ -28,6 +28,9 @@
 static void set_friend_status(Messenger *m, int friendnumber, uint8_t status);
 static int write_cryptpacket_id(Messenger *m, int friendnumber, uint8_t packet_id, uint8_t *data, uint32_t length);
 
+// friend_is_valid determines if the friendnumber passed is valid in the Messenger object
+static uint8_t friend_is_valid(int friendnumber, Messenger *m) { return friendnumber < 0 || (uint32_t)friendnumber >= m->numfriends; }
+
 /* return 1 if we are online.
  * return 0 if we are offline.
  * static uint8_t online;
@@ -76,7 +79,7 @@ int getfriend_id(Messenger *m, uint8_t *client_id)
  */
 int getclient_id(Messenger *m, int friend_id, uint8_t *client_id)
 {
-    if (friend_id >= m->numfriends || friend_id < 0)
+                if (friend_is_valid(friend_id,m))
         return -1;
 
     if (m->friendlist[friend_id].status > 0) {
@@ -246,7 +249,7 @@ int m_addfriend_norequest(Messenger *m, uint8_t *client_id)
  */
 int m_delfriend(Messenger *m, int friendnumber)
 {
-    if (friendnumber >= m->numfriends || friendnumber < 0)
+    if (friend_is_valid(friendnumber,m))
         return -1;
 
     DHT_delfriend(m->dht, m->friendlist[friendnumber].client_id);
@@ -276,7 +279,7 @@ int m_delfriend(Messenger *m, int friendnumber)
  */
 int m_friendstatus(Messenger *m, int friendnumber)
 {
-    if (friendnumber < 0 || friendnumber >= m->numfriends)
+    if (friend_is_valid(friendnumber,m))
         return NOFRIEND;
 
     return m->friendlist[friendnumber].status;
@@ -288,7 +291,7 @@ int m_friendstatus(Messenger *m, int friendnumber)
  */
 uint32_t m_sendmessage(Messenger *m, int friendnumber, uint8_t *message, uint32_t length)
 {
-    if (friendnumber < 0 || friendnumber >= m->numfriends)
+    if (friend_is_valid(friendnumber,m))
         return 0;
 
     uint32_t msgid = ++m->friendlist[friendnumber].message_id;
@@ -341,7 +344,7 @@ static int m_sendname(Messenger *m, int friendnumber, uint8_t *name, uint16_t le
  */
 static int setfriendname(Messenger *m, int friendnumber, uint8_t *name)
 {
-    if (friendnumber >= m->numfriends || friendnumber < 0)
+    if (friend_is_valid(friendnumber,m))
         return -1;
 
     memcpy(m->friendlist[friendnumber].name, name, MAX_NAME_LENGTH);
@@ -395,7 +398,7 @@ uint16_t getself_name(Messenger *m, uint8_t *name, uint16_t nlen)
  */
 int getname(Messenger *m, int friendnumber, uint8_t *name)
 {
-    if (friendnumber >= m->numfriends || friendnumber < 0)
+    if (friend_is_valid(friendnumber,m))
         return -1;
 
     memcpy(name, m->friendlist[friendnumber].name, MAX_NAME_LENGTH);
@@ -438,7 +441,7 @@ int m_set_userstatus(Messenger *m, USERSTATUS status)
  */
 int m_get_statusmessage_size(Messenger *m, int friendnumber)
 {
-    if (friendnumber >= m->numfriends || friendnumber < 0)
+    if (friend_is_valid(friendnumber,m))
         return -1;
 
     return m->friendlist[friendnumber].statusmessage_length;
@@ -449,7 +452,7 @@ int m_get_statusmessage_size(Messenger *m, int friendnumber)
  */
 int m_copy_statusmessage(Messenger *m, int friendnumber, uint8_t *buf, uint32_t maxlen)
 {
-    if (friendnumber >= m->numfriends || friendnumber < 0)
+    if (friend_is_valid(friendnumber,m))
         return -1;
 
     memset(buf, 0, maxlen);
@@ -466,7 +469,7 @@ int m_copy_self_statusmessage(Messenger *m, uint8_t *buf, uint32_t maxlen)
 
 USERSTATUS m_get_userstatus(Messenger *m, int friendnumber)
 {
-    if (friendnumber >= m->numfriends || friendnumber < 0)
+    if (friend_is_valid(friendnumber,m))
         return USERSTATUS_INVALID;
 
     USERSTATUS status = m->friendlist[friendnumber].userstatus;
@@ -502,7 +505,7 @@ static int send_ping(Messenger *m, int friendnumber)
 
 static int set_friend_statusmessage(Messenger *m, int friendnumber, uint8_t *status, uint16_t length)
 {
-    if (friendnumber >= m->numfriends || friendnumber < 0)
+    if (friend_is_valid(friendnumber,m))
         return -1;
 
     uint8_t *newstatus = calloc(length, 1);
@@ -524,7 +527,7 @@ void m_set_sends_receipts(Messenger *m, int friendnumber, int yesno)
     if (yesno != 0 || yesno != 1)
         return;
 
-    if (friendnumber >= m->numfriends || friendnumber < 0)
+    if (friend_is_valid(friendnumber,m))
         return;
 
     m->friendlist[friendnumber].receives_read_receipts = yesno;
@@ -606,7 +609,7 @@ void set_friend_status(Messenger *m, int friendnumber, uint8_t status)
 
 int write_cryptpacket_id(Messenger *m, int friendnumber, uint8_t packet_id, uint8_t *data, uint32_t length)
 {
-    if (friendnumber < 0 || friendnumber >= m->numfriends)
+    if (friend_is_valid(friendnumber,m))
         return 0;
 
     if (length >= MAX_DATA_SIZE || m->friendlist[friendnumber].status != FRIEND_ONLINE)
@@ -853,7 +856,7 @@ void doFriends(Messenger *m)
                     case PACKET_ID_RECEIPT: {
                         uint32_t msgid;
 
-                        if (data_length < sizeof(msgid))
+                        if (data_length < 0 || (uint32_t)data_length < sizeof(msgid))
                             break;
 
                         memcpy(&msgid, data, sizeof(msgid));
@@ -959,7 +962,7 @@ void Messenger_save(Messenger *m, uint8_t *data)
 /* Load the messenger from data of size length. */
 int Messenger_load(Messenger *m, uint8_t *data, uint32_t length)
 {
-    if (length == ~0)
+    if (length == ~((uint32_t)0))
         return -1;
 
     if (length < crypto_box_PUBLICKEYBYTES + crypto_box_SECRETKEYBYTES + sizeof(uint32_t) * 3)
diff --git a/toxcore/net_crypto.c b/toxcore/net_crypto.c
index 87c98089..f55f40a1 100644
--- a/toxcore/net_crypto.c
+++ b/toxcore/net_crypto.c
@@ -32,6 +32,8 @@
 #define CONN_ESTABLISHED 3
 #define CONN_TIMED_OUT 4
 
+static uint8_t crypt_id_valid(int crypt_connection_id, Net_Crypto *c) { return crypt_connection_id < 0 || (uint32_t)crypt_connection_id >= c->crypto_connections_length; }
+
 /* Use this instead of memcmp; not vulnerable to timing attacks. */
 uint8_t crypto_iszero(uint8_t *mem, uint32_t length)
 {
@@ -150,7 +152,7 @@ void random_nonce(uint8_t *nonce)
  */
 int read_cryptpacket(Net_Crypto *c, int crypt_connection_id, uint8_t *data)
 {
-    if (crypt_connection_id < 0 || crypt_connection_id >= c->crypto_connections_length)
+    if (crypt_id_valid(crypt_connection_id,c))
         return 0;
 
     if (c->crypto_connections[crypt_connection_id].status != CONN_ESTABLISHED)
@@ -182,7 +184,7 @@ int read_cryptpacket(Net_Crypto *c, int crypt_connection_id, uint8_t *data)
  */
 int write_cryptpacket(Net_Crypto *c, int crypt_connection_id, uint8_t *data, uint32_t length)
 {
-    if (crypt_connection_id < 0 || crypt_connection_id >= c->crypto_connections_length)
+    if (crypt_id_valid(crypt_connection_id,c))
         return 0;
 
     if (length - crypto_box_BOXZEROBYTES + crypto_box_ZEROBYTES > MAX_DATA_SIZE - 1)
@@ -304,7 +306,8 @@ static int cryptopacket_handle(void *object, IP_Port source, uint8_t *packet, ui
                     len);
 
         } else { /* If request is not for us, try routing it. */
-            if (route_packet(dht, packet + 1, packet, length) == length)
+            int retval = route_packet(dht, packet + 1, packet, length);
+            if (retval < 0 || (uint32_t)retval == length)
                 return 0;
         }
     }
@@ -505,7 +508,7 @@ int crypto_inbound(Net_Crypto *c, uint8_t *public_key, uint8_t *secret_nonce, ui
  */
 int crypto_kill(Net_Crypto *c, int crypt_connection_id)
 {
-    if (crypt_connection_id < 0 || crypt_connection_id >= c->crypto_connections_length)
+    if (crypt_id_valid(crypt_connection_id,c))
         return 1;
 
     if (c->crypto_connections[crypt_connection_id].status != CONN_NO_CONNECTION) {
@@ -596,7 +599,7 @@ int accept_crypto_inbound(Net_Crypto *c, int connection_id, uint8_t *public_key,
  */
 int is_cryptoconnected(Net_Crypto *c, int crypt_connection_id)
 {
-    if (crypt_connection_id >= 0 && crypt_connection_id < c->crypto_connections_length)
+    if (crypt_connection_id >= 0 && (uint32_t)crypt_connection_id < c->crypto_connections_length)
         return c->crypto_connections[crypt_connection_id].status;
 
     return CONN_NO_CONNECTION;