From 24aafa6dacaa03a73674ef049ceeae102693438f Mon Sep 17 00:00:00 2001
From: Monster Iestyn <iestynjealous@ntlworld.com>
Date: Mon, 3 Sep 2018 15:43:36 +0100
Subject: [PATCH 1/4] UDP_Socket: Add missing limit checks for s, for client
 and broadcast addresses

---
 src/i_tcp.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/i_tcp.c b/src/i_tcp.c
index 6488e9845..5c6606668 100644
--- a/src/i_tcp.c
+++ b/src/i_tcp.c
@@ -1044,7 +1044,7 @@ static boolean UDP_Socket(void)
 	if (gaie == 0)
 	{
 		runp = ai;
-		while (runp != NULL)
+		while (runp != NULL && s < MAXNETNODES+1)
 		{
 			memcpy(&clientaddress[s], runp->ai_addr, runp->ai_addrlen);
 			s++;
@@ -1064,7 +1064,7 @@ static boolean UDP_Socket(void)
 	if (gaie == 0)
 	{
 		runp = ai;
-		while (runp != NULL)
+		while (runp != NULL && s < MAXNETNODES+1)
 		{
 			memcpy(&broadcastaddress[s], runp->ai_addr, runp->ai_addrlen);
 			s++;
@@ -1087,7 +1087,7 @@ static boolean UDP_Socket(void)
 		if (gaie == 0)
 		{
 			runp = ai;
-			while (runp != NULL)
+			while (runp != NULL && s < MAXNETNODES+1)
 			{
 				memcpy(&broadcastaddress[s], runp->ai_addr, runp->ai_addrlen);
 				s++;

From 846bddfdcf9514e8164bd1157c58ab2ac614ae8a Mon Sep 17 00:00:00 2001
From: Monster Iestyn <iestynjealous@ntlworld.com>
Date: Mon, 3 Sep 2018 15:52:22 +0100
Subject: [PATCH 2/4] SOCK_Send: Fix what appears to be a mistaken use of i
 instead of j

---
 src/i_tcp.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/i_tcp.c b/src/i_tcp.c
index 5c6606668..3b609914d 100644
--- a/src/i_tcp.c
+++ b/src/i_tcp.c
@@ -707,10 +707,10 @@ static void SOCK_Send(void)
 			{
 				if (myfamily[i] == broadcastaddress[j].any.sa_family)
 				{
-					if (broadcastaddress[i].any.sa_family == AF_INET)
+					if (broadcastaddress[j].any.sa_family == AF_INET)
 						d = d4;
 #ifdef HAVE_IPV6
-					else if (broadcastaddress[i].any.sa_family == AF_INET6)
+					else if (broadcastaddress[j].any.sa_family == AF_INET6)
 						d = d6;
 #endif
 					else

From 7b083f07cd306ca8790427b0257ca1f06f7d3a3e Mon Sep 17 00:00:00 2001
From: Monster Iestyn <iestynjealous@ntlworld.com>
Date: Mon, 3 Sep 2018 15:56:02 +0100
Subject: [PATCH 3/4] UDP_Socket: I doubt client addresses are meant to be
 included in the total for broadcast addresses

---
 src/i_tcp.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/i_tcp.c b/src/i_tcp.c
index 3b609914d..d11be4285 100644
--- a/src/i_tcp.c
+++ b/src/i_tcp.c
@@ -1059,6 +1059,9 @@ static boolean UDP_Socket(void)
 		clientaddress[s].ip4.sin_addr.s_addr = htonl(INADDR_LOOPBACK); //GetLocalAddress(); // my own ip
 		s++;
 	}
+
+	s = 0;
+
 	// setup broadcast adress to BROADCASTADDR entry
 	gaie = I_getaddrinfo("255.255.255.255", "0", &hints, &ai);
 	if (gaie == 0)

From ea06e8a62b42d4e85112742ca668a7a6495beaf9 Mon Sep 17 00:00:00 2001
From: Monster Iestyn <iestynjealous@ntlworld.com>
Date: Mon, 3 Sep 2018 20:53:40 +0100
Subject: [PATCH 4/4] SOCK_Send: Split the actual sending data parts into a new
 function, SOCK_SendToAddr, to make everything look a bit neater in general

---
 src/i_tcp.c | 59 ++++++++++++++++++-----------------------------------
 1 file changed, 20 insertions(+), 39 deletions(-)

diff --git a/src/i_tcp.c b/src/i_tcp.c
index d11be4285..16e7bf2f6 100644
--- a/src/i_tcp.c
+++ b/src/i_tcp.c
@@ -686,14 +686,29 @@ static boolean SOCK_CanGet(void)
 #endif
 
 #ifndef NONET
-static void SOCK_Send(void)
+static inline ssize_t SOCK_SendToAddr(SOCKET_TYPE socket, mysockaddr_t *sockaddr)
 {
-	ssize_t c = ERRSOCKET;
 	socklen_t d4 = (socklen_t)sizeof(struct sockaddr_in);
 #ifdef HAVE_IPV6
 	socklen_t d6 = (socklen_t)sizeof(struct sockaddr_in6);
 #endif
 	socklen_t d, da = (socklen_t)sizeof(mysockaddr_t);
+
+	switch (sockaddr->any.sa_family)
+	{
+		case AF_INET:  d = d4; break;
+#ifdef HAVE_IPV6
+		case AF_INET6: d = d6; break;
+#endif
+		default:       d = da; break;
+	}
+
+	return sendto(socket, (char *)&doomcom->data, doomcom->datalength, 0, &sockaddr->any, d);
+}
+
+static void SOCK_Send(void)
+{
+	ssize_t c = ERRSOCKET;
 	size_t i, j;
 
 	if (!nodeconnected[doomcom->remotenode])
@@ -706,19 +721,7 @@ static void SOCK_Send(void)
 			for (j = 0; j < broadcastaddresses; j++)
 			{
 				if (myfamily[i] == broadcastaddress[j].any.sa_family)
-				{
-					if (broadcastaddress[j].any.sa_family == AF_INET)
-						d = d4;
-#ifdef HAVE_IPV6
-					else if (broadcastaddress[j].any.sa_family == AF_INET6)
-						d = d6;
-#endif
-					else
-						d = da;
-
-					c = sendto(mysockets[i], (char *)&doomcom->data, doomcom->datalength, 0,
-						&broadcastaddress[j].any, d);
-				}
+					SOCK_SendToAddr(mysockets[i], &broadcastaddress[j]);
 			}
 		}
 		return;
@@ -728,35 +731,13 @@ static void SOCK_Send(void)
 		for (i = 0; i < mysocketses; i++)
 		{
 			if (myfamily[i] == clientaddress[doomcom->remotenode].any.sa_family)
-			{
-				if (clientaddress[doomcom->remotenode].any.sa_family == AF_INET)
-					d = d4;
-#ifdef HAVE_IPV6
-				else if (clientaddress[doomcom->remotenode].any.sa_family == AF_INET6)
-					d = d6;
-#endif
-				else
-					d = da;
-
-				sendto(mysockets[i], (char *)&doomcom->data, doomcom->datalength, 0,
-					&clientaddress[doomcom->remotenode].any, d);
-			}
+				SOCK_SendToAddr(mysockets[i], &clientaddress[doomcom->remotenode]);
 		}
 		return;
 	}
 	else
 	{
-		if (clientaddress[doomcom->remotenode].any.sa_family == AF_INET)
-			d = d4;
-#ifdef HAVE_IPV6
-		else if (clientaddress[doomcom->remotenode].any.sa_family == AF_INET6)
-			d = d6;
-#endif
-		else
-			d = da;
-
-		c = sendto(nodesocket[doomcom->remotenode], (char *)&doomcom->data, doomcom->datalength, 0,
-			&clientaddress[doomcom->remotenode].any, d);
+		c = SOCK_SendToAddr(nodesocket[doomcom->remotenode], &clientaddress[doomcom->remotenode]);
 	}
 
 	if (c == ERRSOCKET && errno != ECONNREFUSED && errno != EWOULDBLOCK)