From ce3671a3207c72ac0cfcb345516a7fc28f8ea831 Mon Sep 17 00:00:00 2001
From: syb0rg <darksyb0rg@gmail.com>
Date: Wed, 23 Apr 2014 19:10:53 -0500
Subject: [PATCH 1/9] Remove test conditional that will always evaluate to
 false.

---
 src/user.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/user.c b/src/user.c
index f5ad924..da589fe 100644
--- a/src/user.c
+++ b/src/user.c
@@ -192,7 +192,7 @@ user_set_conn_type(int userid, enum connection c)
 	if (userid < 0 || userid >= usercount)
 		return;
 
-	if (c < 0 || c >= CONN_MAX)
+	if (c >= CONN_MAX)
 		return;
 	
 	users[userid].conn = c;

From e8cda1fa304086dd5805df29cf477a70372f6781 Mon Sep 17 00:00:00 2001
From: syb0rg <darksyb0rg@gmail.com>
Date: Wed, 23 Apr 2014 19:16:07 -0500
Subject: [PATCH 2/9] Remove implicit conversions that lose precision.

---
 src/common.c  |  2 +-
 src/iodine.c  |  2 +-
 src/iodined.c | 16 ++++++++--------
 3 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/src/common.c b/src/common.c
index 5f202da..0940ef1 100644
--- a/src/common.c
+++ b/src/common.c
@@ -196,7 +196,7 @@ open_dns(struct sockaddr_storage *sockaddr, size_t sockaddr_len)
 	setsockopt(fd, IPPROTO_IP, IP_OPT_DONT_FRAG, (const void*) &flag, sizeof(flag));
 #endif
 
-	if(bind(fd, (struct sockaddr*) sockaddr, sockaddr_len) < 0)
+	if(bind(fd, (struct sockaddr*) sockaddr, (unsigned) sockaddr_len) < 0)
 		err(1, "bind");
 
 	fprintf(stderr, "Opened IPv%d UDP socket\n", sockaddr->ss_family == AF_INET6 ? 6 : 4);
diff --git a/src/iodine.c b/src/iodine.c
index 519eac3..d64da01 100644
--- a/src/iodine.c
+++ b/src/iodine.c
@@ -148,7 +148,7 @@ main(int argc, char **argv)
 #endif
 	username = NULL;
 	memset(password, 0, 33);
-	srand(time(NULL));
+	srand((unsigned) time(NULL));
 	foreground = 0;
 	newroot = NULL;
 	context = NULL;
diff --git a/src/iodined.c b/src/iodined.c
index 75979d9..7f6ee12 100644
--- a/src/iodined.c
+++ b/src/iodined.c
@@ -123,12 +123,12 @@ static int get_external_ip(struct in_addr *ip)
 	freeaddrinfo(addr);
 	if (res < 0) return 3;
 
-	res = write(sock, getstr, strlen(getstr));
+	res = (int) write(sock, getstr, strlen(getstr));
 	if (res != strlen(getstr)) return 4;
 
 	/* Zero buf before receiving, leave at least one zero at the end */
 	memset(buf, 0, sizeof(buf));
-	res = read(sock, buf, sizeof(buf) - 1);
+	res = (int) read(sock, buf, sizeof(buf) - 1);
 	if (res < 0) return 5;
 	len = res;
 
@@ -607,7 +607,7 @@ tunnel_tun(int tun_fd, int dns_fd)
 	int userid;
 	int read;
 
-	if ((read = read_tun(tun_fd, in, sizeof(in))) <= 0)
+	if ((read = (int) read_tun(tun_fd, in, sizeof(in))) <= 0)
 		return 0;
 	
 	/* find target ip in packet, in is padded with 4 bytes TUN header */
@@ -625,12 +625,12 @@ tunnel_tun(int tun_fd, int dns_fd)
 		   If the queue is full, drop the packet. TCP will hopefully notice
 		   and reduce the packet rate. */
 		if (users[userid].outpacket.len > 0) {
-			save_to_outpacketq(userid, out, outlen);
+			save_to_outpacketq(userid, out, (int) outlen);
 			return 0;
 		}
 #endif
 
-		start_new_outpacket(userid, out, outlen);
+		start_new_outpacket(userid, out, (int) outlen);
 
 		/* Start sending immediately if query is waiting */
 		if (users[userid].q_sendrealsoon.id != 0)
@@ -638,10 +638,10 @@ tunnel_tun(int tun_fd, int dns_fd)
 		else if (users[userid].q.id != 0)
 			send_chunk_or_dataless(dns_fd, userid, &users[userid].q);
 
-		return outlen;
+		return (int) outlen;
 	} else { /* CONN_RAW_UDP */
-		send_raw(dns_fd, out, outlen, userid, RAW_HDR_CMD_DATA, &users[userid].q);
-		return outlen;
+		send_raw(dns_fd, out, (int) outlen, userid, RAW_HDR_CMD_DATA, &users[userid].q);
+		return (int) outlen;
 	}
 }
 

From 1c920b85f608b9abb32f635876798de3be74e457 Mon Sep 17 00:00:00 2001
From: syb0rg <darksyb0rg@gmail.com>
Date: Wed, 23 Apr 2014 19:21:10 -0500
Subject: [PATCH 3/9] Move common #define's into an enum.

---
 src/android_dns.h | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/src/android_dns.h b/src/android_dns.h
index dafd8ec..1bff986 100644
--- a/src/android_dns.h
+++ b/src/android_dns.h
@@ -20,12 +20,7 @@ typedef struct {
 	unsigned arcount :16;
 } HEADER;
 
-#define NOERROR		0
-#define FORMERR		1
-#define SERVFAIL	2
-#define NXDOMAIN	3
-#define NOTIMP		4
-#define REFUSED		5
+typedef enum {NOERROR, FORMERR, SERVFAIL, NXDOMAIN, NOTIMP, REFUSED} Error;
 
 #define C_IN		1
 

From 695e570e7fe93f4677f54dcbad32334f063083fc Mon Sep 17 00:00:00 2001
From: syb0rg <darksyb0rg@gmail.com>
Date: Wed, 23 Apr 2014 19:37:27 -0500
Subject: [PATCH 4/9] Remove more implicit casts that lost precision; declared
 function parameters as void if no function arguments were taken in.

---
 src/base128.c  |  10 +--
 src/base32.c   |  18 ++---
 src/base64.c   |  13 ++--
 src/base64u.c  | 206 +++++++++++++++++++++++++++++++++++++++++++++++++
 src/client.c   |  10 +--
 src/common.c   |   2 +-
 src/encoding.c |   8 +-
 src/fw_query.c |   2 +-
 src/iodine.c   |   6 +-
 src/iodined.c  |   6 +-
 src/read.c     |  10 +--
 src/user.c     |   8 +-
 src/util.c     |   2 +-
 13 files changed, 252 insertions(+), 49 deletions(-)
 create mode 100644 src/base64u.c

diff --git a/src/base128.c b/src/base128.c
index 32a29f8..7c77692 100644
--- a/src/base128.c
+++ b/src/base128.c
@@ -70,31 +70,31 @@ static struct encoder base128_encoder =
 };
 
 struct encoder
-*get_base128_encoder()
+*get_base128_encoder(void)
 {
 	return &base128_encoder;
 }
 
 static int 
-base128_handles_dots()
+base128_handles_dots(void)
 {
 	return 0;
 }
 
 static int 
-base128_blksize_raw()
+base128_blksize_raw(void)
 {
 	return BLKSIZE_RAW;
 }
 
 static int 
-base128_blksize_enc()
+base128_blksize_enc(void)
 {
 	return BLKSIZE_ENC;
 }
 
 inline static void
-base128_reverse_init()
+base128_reverse_init(void)
 {
 	int i;
 	unsigned char c;
diff --git a/src/base32.c b/src/base32.c
index 8731a92..4492899 100644
--- a/src/base32.c
+++ b/src/base32.c
@@ -25,10 +25,8 @@
 #define BLKSIZE_RAW 5
 #define BLKSIZE_ENC 8
 
-static const char cb32[] = 
-	"abcdefghijklmnopqrstuvwxyz012345";
-static const char cb32_ucase[] = 
-	"ABCDEFGHIJKLMNOPQRSTUVWXYZ012345";
+static const char cb32[] = "abcdefghijklmnopqrstuvwxyz012345";
+static const char cb32_ucase[] =  "ABCDEFGHIJKLMNOPQRSTUVWXYZ012345";
 static unsigned char rev32[256];
 static int reverse_init = 0;
 
@@ -50,31 +48,31 @@ static struct encoder base32_encoder =
 };
 
 struct encoder
-*get_base32_encoder()
+*get_base32_encoder(void)
 {
 	return &base32_encoder;
 }
 
 static int 
-base32_handles_dots()
+base32_handles_dots(void)
 {
 	return 0;
 }
 
 static int 
-base32_blksize_raw()
+base32_blksize_raw(void)
 {
 	return BLKSIZE_RAW;
 }
 
 static int 
-base32_blksize_enc()
+base32_blksize_enc(void)
 {
 	return BLKSIZE_ENC;
 }
 
 inline static void
-base32_reverse_init()
+base32_reverse_init(void)
 {
 	int i;
 	unsigned char c;
@@ -213,7 +211,7 @@ base32_decode(void *buf, size_t *buflen, const char *str, size_t slen)
 	int iout = 0;	/* to-be-filled output byte */
 	int iin = 0;	/* next input char to use in decoding */
 
-	base32_reverse_init ();
+	base32_reverse_init();
 
 	/* Note: Don't bother to optimize manually. GCC optimizes
 	   better(!) when using simplistic array indexing. */
diff --git a/src/base64.c b/src/base64.c
index 5218c09..aeca1de 100644
--- a/src/base64.c
+++ b/src/base64.c
@@ -27,8 +27,7 @@
 
 /* Note: the "unofficial" char is last here, which means that the \377 pattern
    in DOWNCODECCHECK1 ('Y' request) will properly test it. */
-static const char cb64[] = 
-	"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-0123456789+";
+static const char cb64[] = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-0123456789+";
 static unsigned char rev64[256];
 static int reverse_init = 0;
 
@@ -50,31 +49,31 @@ static struct encoder base64_encoder =
 };
 
 struct encoder
-*get_base64_encoder()
+*get_base64_encoder(void)
 {
 	return &base64_encoder;
 }
 
 static int 
-base64_handles_dots()
+base64_handles_dots(void)
 {
 	return 0;
 }
 
 static int 
-base64_blksize_raw()
+base64_blksize_raw(void)
 {
 	return BLKSIZE_RAW;
 }
 
 static int 
-base64_blksize_enc()
+base64_blksize_enc(void)
 {
 	return BLKSIZE_ENC;
 }
 
 inline static void
-base64_reverse_init()
+base64_reverse_init(void)
 {
 	int i;
 	unsigned char c;
diff --git a/src/base64u.c b/src/base64u.c
new file mode 100644
index 0000000..0c8de84
--- /dev/null
+++ b/src/base64u.c
@@ -0,0 +1,206 @@
+/* No use in editing, produced by Makefile! */
+/*
+ * Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
+ * Mostly rewritten 2009 J.A.Bezemer@opensourcepartners.nl
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "encoding.h"
+#include "base64u.h"
+
+#define BLKSIZE_RAW 3
+#define BLKSIZE_ENC 4
+
+/* Note: the "unofficial" char is last here, which means that the \377 pattern
+   in DOWNCODECCHECK1 ('Y' request) will properly test it. */
+static const char cb64[] = 
+	"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-0123456789_";
+static unsigned char rev64[256];
+static int reverse_init = 0;
+
+static int base64u_encode(char *, size_t *, const void *, size_t);
+static int base64u_decode(void *, size_t *, const char *, size_t);
+static int base64u_handles_dots();
+static int base64u_blksize_raw();
+static int base64u_blksize_enc();
+
+static struct encoder base64u_encoder =
+{
+	"Base64u",
+	base64u_encode,
+	base64u_decode,
+	base64u_handles_dots,
+	base64u_handles_dots,
+	base64u_blksize_raw,
+	base64u_blksize_enc
+};
+
+struct encoder
+*get_base64u_encoder(void)
+{
+	return &base64u_encoder;
+}
+
+static int 
+base64u_handles_dots(void)
+{
+	return 0;
+}
+
+static int 
+base64u_blksize_raw(void)
+{
+	return BLKSIZE_RAW;
+}
+
+static int 
+base64u_blksize_enc(void)
+{
+	return BLKSIZE_ENC;
+}
+
+inline static void
+base64u_reverse_init(void)
+{
+	int i;
+	unsigned char c;
+
+	if (!reverse_init) {
+		memset (rev64, 0, 256);
+		for (i = 0; i < 64; i++) {
+			c = cb64[i];
+			rev64[(int) c] = i;
+		}
+		reverse_init = 1;
+	}
+}
+
+static int 
+base64u_encode(char *buf, size_t *buflen, const void *data, size_t size)
+/*
+ * Fills *buf with max. *buflen characters, encoding size bytes of *data.
+ *
+ * NOTE: *buf space should be at least 1 byte _more_ than *buflen
+ * to hold the trailing '\0'.
+ *
+ * return value    : #bytes filled in buf   (excluding \0)
+ * sets *buflen to : #bytes encoded from data
+ */
+{
+	unsigned char *udata = (unsigned char *) data;
+	int iout = 0;	/* to-be-filled output char */
+	int iin = 0;	/* one more than last input byte that can be
+			   successfully decoded */
+
+	/* Note: Don't bother to optimize manually. GCC optimizes
+	   better(!) when using simplistic array indexing. */
+
+	while (1) {
+		if (iout >= *buflen || iin >= size)
+			break;
+		buf[iout] = cb64[((udata[iin] & 0xfc) >> 2)];
+		iout++;
+
+		if (iout >= *buflen || iin >= size) {
+			iout--;		/* previous char is useless */
+			break;
+		}
+		buf[iout] = cb64[((udata[iin] & 0x03) << 4) |
+				  ((iin + 1 < size) ?
+				   ((udata[iin + 1] & 0xf0) >> 4) : 0)];
+		iin++;			/* 0 complete, iin=1 */
+		iout++;
+
+		if (iout >= *buflen || iin >= size)
+			break;
+		buf[iout] = cb64[((udata[iin] & 0x0f) << 2 ) |
+				  ((iin + 1 < size) ?
+				   ((udata[iin + 1] & 0xc0) >> 6) : 0)];
+		iin++;			/* 1 complete, iin=2 */
+		iout++;
+
+		if (iout >= *buflen || iin >= size)
+			break;
+		buf[iout] = cb64[(udata[iin] & 0x3f)];
+		iin++;			/* 2 complete, iin=3 */
+		iout++;
+	}
+
+	buf[iout] = '\0';
+
+	/* store number of bytes from data that was used */
+	*buflen = iin;
+
+	return iout;
+}
+
+#define REV64(x) rev64[(int) (x)]
+
+static int
+base64u_decode(void *buf, size_t *buflen, const char *str, size_t slen)
+/*
+ * Fills *buf with max. *buflen bytes, decoded from slen chars in *str.
+ * Decoding stops early when *str contains \0.
+ * Illegal encoded chars are assumed to decode to zero.
+ *
+ * NOTE: *buf space should be at least 1 byte _more_ than *buflen
+ * to hold a trailing '\0' that is added (though *buf will usually
+ * contain full-binary data).
+ *
+ * return value    : #bytes filled in buf   (excluding \0)
+ */
+{
+	unsigned char *ubuf = (unsigned char *) buf;
+	int iout = 0;	/* to-be-filled output byte */
+	int iin = 0;	/* next input char to use in decoding */
+
+	base64u_reverse_init ();
+
+	/* Note: Don't bother to optimize manually. GCC optimizes
+	   better(!) when using simplistic array indexing. */
+
+	while (1) {
+		if (iout >= *buflen || iin + 1 >= slen ||
+		    str[iin] == '\0' || str[iin + 1] == '\0')
+			break;
+		ubuf[iout] = ((REV64(str[iin]) & 0x3f) << 2) | 
+			     ((REV64(str[iin + 1]) & 0x30) >> 4);
+		iin++;  		/* 0 used up, iin=1 */
+		iout++;
+
+		if (iout >= *buflen || iin + 1 >= slen ||
+		    str[iin] == '\0' || str[iin + 1] == '\0')
+			break;
+		ubuf[iout] = ((REV64(str[iin]) & 0x0f) << 4) | 
+			     ((REV64(str[iin + 1]) & 0x3c) >> 2);
+		iin++;  		/* 1 used up, iin=2 */
+		iout++;
+
+		if (iout >= *buflen || iin + 1 >= slen ||
+		    str[iin] == '\0' || str[iin + 1] == '\0')
+			break;
+		ubuf[iout] = ((REV64(str[iin]) & 0x03) << 6) |
+			     (REV64(str[iin + 1]) & 0x3f);
+		iin += 2;  		/* 2,3 used up, iin=4 */
+		iout++;
+	}
+
+	ubuf[iout] = '\0';
+
+	return iout;
+}
diff --git a/src/client.c b/src/client.c
index efb0f51..6f7740d 100644
--- a/src/client.c
+++ b/src/client.c
@@ -110,7 +110,7 @@ static long send_query_recvcnt = 0;
 static int hostname_maxlen = 0xFF;
 
 void
-client_init()
+client_init(void)
 {
 	running = 1;
 	b32 = get_base32_encoder();
@@ -136,13 +136,13 @@ client_init()
 }
 
 void
-client_stop()
+client_stop(void)
 {
 	running = 0;
 }
 
 enum connection
-client_get_conn()
+client_get_conn(void)
 {
 	return conn;
 }
@@ -232,7 +232,7 @@ client_set_hostname_maxlen(int i)
 }
 
 const char *
-client_get_raw_addr()
+client_get_raw_addr(void)
 {
 	return inet_ntoa(raw_serv.sin_addr);
 }
@@ -338,7 +338,7 @@ send_packet(int fd, char cmd, const char *data, const size_t datalen)
 }
 
 static inline int
-is_sending()
+is_sending(void)
 {
 	return (outpkt.len != 0);
 }
diff --git a/src/common.c b/src/common.c
index 0940ef1..017362e 100644
--- a/src/common.c
+++ b/src/common.c
@@ -268,7 +268,7 @@ do_pidfile(char *pidfile)
 }
 
 void
-do_detach()
+do_detach(void)
 {
 #ifndef WINDOWS32
 	fprintf(stderr, "Detaching from terminal...\n");
diff --git a/src/encoding.c b/src/encoding.c
index 4b5fb08..bf5ffbd 100644
--- a/src/encoding.c
+++ b/src/encoding.c
@@ -51,7 +51,7 @@ build_hostname(char *buf, size_t buflen,
 
 	strncpy(b, topdomain, strlen(topdomain)+1);
 
-	return space;
+	return (int) space;
 }
 
 int
@@ -70,7 +70,7 @@ inline_dotify(char *buf, size_t buflen)
 	unsigned total;
 	char *reader, *writer;
 
-	total = strlen(buf);
+	total = (int) strlen(buf);
 	dots = total / 57;
 
 	writer = buf;
@@ -81,7 +81,7 @@ inline_dotify(char *buf, size_t buflen)
 	if (strlen(buf) + dots > buflen) {
 		writer = buf;
 		writer += buflen;
-		total = buflen;
+		total = (int) buflen;
 	}
 
 	reader = writer - dots;
@@ -125,5 +125,5 @@ inline_undotify(char *buf, size_t len)
 	}
 	
 	/* return new length of string */
-	return len - dots;
+	return (int)(len - dots);
 }
diff --git a/src/fw_query.c b/src/fw_query.c
index 3727f08..f39ec15 100644
--- a/src/fw_query.c
+++ b/src/fw_query.c
@@ -20,7 +20,7 @@
 static struct fw_query fwq[FW_QUERY_CACHE_SIZE];
 static int fwq_ix;
 
-void fw_query_init()
+void fw_query_init(void)
 {
 	memset(fwq, 0, sizeof(struct fw_query) * FW_QUERY_CACHE_SIZE);
 	fwq_ix = 0;
diff --git a/src/iodine.c b/src/iodine.c
index d64da01..2a6e2f2 100644
--- a/src/iodine.c
+++ b/src/iodine.c
@@ -58,7 +58,7 @@ sighandler(int sig)
 }
 
 static void
-usage() {
+usage(void) {
 	extern char *__progname;
 
 	fprintf(stderr, "Usage: %s [-v] [-h] [-f] [-r] [-u user] [-t chrootdir] [-d device] "
@@ -68,7 +68,7 @@ usage() {
 }
 
 static void
-help() {
+help(void) {
 	extern char *__progname;
 
 	fprintf(stderr, "iodine IP over DNS tunneling client\n");
@@ -101,7 +101,7 @@ help() {
 }
 
 static void
-version() {
+version(void) {
 
 	fprintf(stderr, "iodine IP over DNS tunneling client\n");
 	fprintf(stderr, "Git version: %s\n", GITREVISION);
diff --git a/src/iodined.c b/src/iodined.c
index 7f6ee12..f097eb5 100644
--- a/src/iodined.c
+++ b/src/iodined.c
@@ -2173,7 +2173,7 @@ write_dns(int fd, struct query *q, char *data, int datalen, char downenc)
 }
 
 static void
-usage() {
+usage(void) {
 	extern char *__progname;
 
 	fprintf(stderr, "Usage: %s [-v] [-h] [-c] [-s] [-f] [-D] [-u user] "
@@ -2185,7 +2185,7 @@ usage() {
 }
 
 static void
-help() {
+help(void) {
 	extern char *__progname;
 
 	fprintf(stderr, "iodine IP over DNS tunneling server\n");
@@ -2221,7 +2221,7 @@ help() {
 }
 
 static void
-version() {
+version(void) {
 	fprintf(stderr, "iodine IP over DNS tunneling server\n");
 	fprintf(stderr, "Git version: %s\n", GITREVISION);
 	exit(0);
diff --git a/src/read.c b/src/read.c
index f4ad4a8..616d516 100644
--- a/src/read.c
+++ b/src/read.c
@@ -119,7 +119,7 @@ readdata(char *packet, char **src, char *dst, size_t len)
 
 	(*src) += len;
 
-	return len;
+	return (int) len;
 }
 
 int
@@ -160,7 +160,7 @@ putname(char **buf, size_t buflen, const char *host)
 	char *p;
 
 	h = strdup(host);
-	left = buflen;
+	left = (int) buflen;
 	p = *buf;
 	
 	word = strtok(h, ".");
@@ -183,7 +183,7 @@ putname(char **buf, size_t buflen, const char *host)
 	free(h);
 
 	*buf = p;
-	return buflen - left;
+	return (int) (buflen - left);
 }
 
 int
@@ -232,7 +232,7 @@ putdata(char **dst, char *data, size_t len)
 	memcpy(*dst, data, len);
 	
 	(*dst) += len;
-	return len;
+	return (int) len;
 }
 
 int
@@ -246,7 +246,7 @@ puttxtbin(char **buf, size_t bufremain, char *from, size_t fromremain)
 
 	while (fromremain > 0)
 	{
-		tocopy = fromremain;
+		tocopy = (int) fromremain;
 		if (tocopy > 252)
 			tocopy = 252;	/* allow off-by-1s in caches etc */
 		if (tocopy + 1 > bufremain)
diff --git a/src/user.c b/src/user.c
index da589fe..47522c7 100644
--- a/src/user.c
+++ b/src/user.c
@@ -82,7 +82,7 @@ init_users(in_addr_t my_ip, int netbits)
 }
 
 const char*
-users_get_first_ip()
+users_get_first_ip(void)
 {
 	struct in_addr ip;
 	ip.s_addr = users[0].tun_ip;
@@ -90,7 +90,7 @@ users_get_first_ip()
 }
 
 int
-users_waiting_on_reply()
+users_waiting_on_reply(void)
 {
 	int ret;
 	int i;
@@ -126,7 +126,7 @@ find_user_by_ip(uint32_t ip)
 }
 
 int
-all_users_waiting_to_send()
+all_users_waiting_to_send(void)
 /* If this returns true, then reading from tun device is blocked.
    So only return true when all clients have at least one packet in
    the outpacket-queue, so that sending back-to-back is possible
@@ -159,7 +159,7 @@ all_users_waiting_to_send()
 }
 
 int
-find_available_user()
+find_available_user(void)
 {
 	int ret = -1;
 	int i;
diff --git a/src/util.c b/src/util.c
index 7a365ac..d109c4b 100644
--- a/src/util.c
+++ b/src/util.c
@@ -18,7 +18,7 @@
 #include "common.h"
 
 char *
-get_resolvconf_addr()
+get_resolvconf_addr(void)
 {
 	static char addr[16];
 	char *rv;

From ca3dde98e9a48cc165313d3c9055ade0e450af67 Mon Sep 17 00:00:00 2001
From: syb0rg <darksyb0rg@gmail.com>
Date: Wed, 23 Apr 2014 19:39:56 -0500
Subject: [PATCH 5/9] Change compiler standard to C11 and add optimization
 level 3 to the flags.

---
 src/Makefile  | 2 +-
 src/base64u.c | 3 +--
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/Makefile b/src/Makefile
index 5fbfbbd..10df8d1 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -10,7 +10,7 @@ HEAD_COMMIT = `git rev-parse --short HEAD`
 
 LIBPATH = -L.
 LDFLAGS +=  -lz `sh osflags $(TARGETOS) link` $(LIBPATH)
-CFLAGS += -c -g -Wall -D$(OS) -pedantic `sh osflags $(TARGETOS) cflags` -DGITREVISION=\"$(HEAD_COMMIT)\"
+CFLAGS += --std=gnu11 -O3 -c -g -Wall -D$(OS) -pedantic `sh osflags $(TARGETOS) cflags` -DGITREVISION=\"$(HEAD_COMMIT)\"
 
 all: stateos $(CLIENT) $(SERVER)
 
diff --git a/src/base64u.c b/src/base64u.c
index 0c8de84..3c81e93 100644
--- a/src/base64u.c
+++ b/src/base64u.c
@@ -28,8 +28,7 @@
 
 /* Note: the "unofficial" char is last here, which means that the \377 pattern
    in DOWNCODECCHECK1 ('Y' request) will properly test it. */
-static const char cb64[] = 
-	"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-0123456789_";
+static const char cb64[] = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-0123456789_";
 static unsigned char rev64[256];
 static int reverse_init = 0;
 

From 9634d0271f25a62da9bfaefbc582b186b06925bd Mon Sep 17 00:00:00 2001
From: syb0rg <darksyb0rg@gmail.com>
Date: Wed, 23 Apr 2014 19:50:39 -0500
Subject: [PATCH 6/9] Simplify NULL checks.

---
 src/common.c  |  2 +-
 src/dns.c     | 10 +++++-----
 src/iodine.c  | 16 ++++++++--------
 src/iodined.c | 20 +++++++++-----------
 src/tun.c     |  4 ++--
 src/util.c    |  6 +++---
 6 files changed, 28 insertions(+), 30 deletions(-)

diff --git a/src/common.c b/src/common.c
index 017362e..ec051bd 100644
--- a/src/common.c
+++ b/src/common.c
@@ -255,7 +255,7 @@ do_pidfile(char *pidfile)
 #ifndef WINDOWS32
 	FILE *file;
 
-	if ((file = fopen(pidfile, "w")) == NULL) {
+	if ((file = fopen(pidfile, "w"))) {
 		syslog(LOG_ERR, "Cannot write pidfile to %s, exiting", pidfile);
 		err(1, "do_pidfile: Can not write pidfile to %s", pidfile);
 	} else {
diff --git a/src/dns.c b/src/dns.c
index bd1257f..938751a 100644
--- a/src/dns.c
+++ b/src/dns.c
@@ -431,7 +431,7 @@ dns_decode(char *buf, size_t buflen, struct query *q, qr_t qr, char *packet, siz
 		
 	rlen = 0;
 
-	if (q != NULL) 
+	if (q)
 		q->rcode = header->rcode;
 
 	switch (qr) {
@@ -441,7 +441,7 @@ dns_decode(char *buf, size_t buflen, struct query *q, qr_t qr, char *packet, siz
 			return -1;
 		}
 
-		if (q != NULL) 
+		if (q)
 			q->id = id;
 
 		/* Read name even if no answer, to give better error message */
@@ -451,7 +451,7 @@ dns_decode(char *buf, size_t buflen, struct query *q, qr_t qr, char *packet, siz
 		readshort(packet, &data, &class);
 		
 		/* if CHECKLEN okay, then we're sure to have a proper name */
-		if (q != NULL) {
+		if (q) {
 			/* We only need the first char to check it */
 			q->name[0] = name[0];
 			q->name[1] = '\0';
@@ -577,7 +577,7 @@ dns_decode(char *buf, size_t buflen, struct query *q, qr_t qr, char *packet, siz
 		}
 
 		/* Here type is the answer type (note A->CNAME) */
-		if (q != NULL)
+		if (q)
 			q->type = type;
 		break;
 	case QR_QUERY:
@@ -593,7 +593,7 @@ dns_decode(char *buf, size_t buflen, struct query *q, qr_t qr, char *packet, siz
 		readshort(packet, &data, &type);
 		readshort(packet, &data, &class);
 
-		if (q == NULL) {
+		if (!q) {
 			rv = 0;
 			break;
 		}
diff --git a/src/iodine.c b/src/iodine.c
index 2a6e2f2..fc1d500 100644
--- a/src/iodine.c
+++ b/src/iodine.c
@@ -173,7 +173,7 @@ main(int argc, char **argv)
 	
 #if !defined(BSD) && !defined(__GLIBC__)
 	__progname = strrchr(argv[0], '/');
-	if (__progname == NULL)
+	if (!__progname)
 		__progname = argv[0];
 	else
 		__progname++;
@@ -320,9 +320,9 @@ main(int argc, char **argv)
 	client_set_topdomain(topdomain);
 	client_set_hostname_maxlen(hostname_maxlen);
 	
-	if (username != NULL) {
+	if (username) {
 #ifndef WINDOWS32
-		if ((pw = getpwnam(username)) == NULL) {
+		if (!(pw = getpwnam(username))) {
 			warnx("User %s does not exist!\n", username);
 			usage();
 			/* NOTREACHED */
@@ -331,7 +331,7 @@ main(int argc, char **argv)
 	}
 	
 	if (strlen(password) == 0) {
-		if (NULL != getenv(PASSWORD_ENV_VAR))
+		if (getenv(PASSWORD_ENV_VAR))
 			snprintf(password, sizeof(password), "%s", getenv(PASSWORD_ENV_VAR));
 		else
 			read_password(password, sizeof(password));
@@ -372,13 +372,13 @@ main(int argc, char **argv)
 	if (foreground == 0) 
 		do_detach();
 	
-	if (pidfile != NULL)
+	if (pidfile)
 		do_pidfile(pidfile);
 
-	if (newroot != NULL)
+	if (newroot)
 		do_chroot(newroot);
 	
-	if (username != NULL) {
+	if (username) {
 #ifndef WINDOWS32
 		gid_t gids[1];
 		gids[0] = pw->pw_gid;
@@ -390,7 +390,7 @@ main(int argc, char **argv)
 #endif
 	}
 
-	if (context != NULL)
+	if (context)
 		do_setcon(context);
 
 	client_tunnel(tun_fd, dns_fd);
diff --git a/src/iodined.c b/src/iodined.c
index f097eb5..5c4ae46 100644
--- a/src/iodined.c
+++ b/src/iodined.c
@@ -415,7 +415,7 @@ save_to_qmem_pingordata(int userid, struct query *q)
 		size_t cmcsize = sizeof(cmc);
 		char *cp = strchr(q->name, '.');
 
-		if (cp == NULL)
+		if (!cp)
 			return;  /* illegal hostname; shouldn't happen */
 
 		/* We already unpacked in handle_null_request(), but that's
@@ -1993,9 +1993,7 @@ read_dns(int fd, int tun_fd, struct query *q) /* FIXME: tun_fd is because of raw
 		}
 		
 #ifndef WINDOWS32
-		for (cmsg = CMSG_FIRSTHDR(&msg); cmsg != NULL; 
-			cmsg = CMSG_NXTHDR(&msg, cmsg)) { 
-			
+		for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) {
 			if (cmsg->cmsg_level == IPPROTO_IP && 
 				cmsg->cmsg_type == DSTADDR_SOCKOPT) { 
 				
@@ -2298,7 +2296,7 @@ main(int argc, char **argv)
 
 #if !defined(BSD) && !defined(__GLIBC__)
 	__progname = strrchr(argv[0], '/');
-	if (__progname == NULL)
+	if (!__progname)
 		__progname = argv[0];
 	else
 		__progname++;
@@ -2412,9 +2410,9 @@ main(int argc, char **argv)
 		usage();
 	}
 
-	if (username != NULL) {
+	if (username) {
 #ifndef WINDOWS32
-		if ((pw = getpwnam(username)) == NULL) {
+		if (!(pw = getpwnam(username))) {
 			warnx("User %s does not exist!", username);
 			usage();
 		}
@@ -2543,7 +2541,7 @@ main(int argc, char **argv)
 	if (foreground == 0) 
 		do_detach();
 	
-	if (pidfile != NULL)
+	if (pidfile)
 		do_pidfile(pidfile);
 
 #ifdef FREEBSD
@@ -2553,11 +2551,11 @@ main(int argc, char **argv)
 	openlog( __progname, LOG_NDELAY, LOG_DAEMON );
 #endif
 
-	if (newroot != NULL)
+	if (newroot)
 		do_chroot(newroot);
 
 	signal(SIGINT, sigint);
-	if (username != NULL) {
+	if (username) {
 #ifndef WINDOWS32
 		gid_t gids[1];
 		gids[0] = pw->pw_gid;
@@ -2568,7 +2566,7 @@ main(int argc, char **argv)
 #endif
 	}
 
-	if (context != NULL)
+	if (context)
 		do_setcon(context);
 
 	syslog(LOG_INFO, "started, listening on port %d", port);
diff --git a/src/tun.c b/src/tun.c
index bc5c153..457efe6 100644
--- a/src/tun.c
+++ b/src/tun.c
@@ -89,7 +89,7 @@ open_tun(const char *tun_device)
 
 	ifreq.ifr_flags = IFF_TUN; 
 
-	if (tun_device != NULL) {
+	if (tun_device) {
 		strncpy(ifreq.ifr_name, tun_device, IFNAMSIZ);
 		ifreq.ifr_name[IFNAMSIZ-1] = '\0';
 		strncpy(if_name, tun_device, sizeof(if_name));
@@ -135,7 +135,7 @@ open_tun(const char *tun_device)
 	int tun_fd;
 	char tun_name[50];
 
-	if (tun_device != NULL) {
+	if (tun_device) {
 		snprintf(tun_name, sizeof(tun_name), "/dev/%s", tun_device);
 		strncpy(if_name, tun_device, sizeof(if_name));
 		if_name[sizeof(if_name)-1] = '\0';
diff --git a/src/util.c b/src/util.c
index d109c4b..0c54b48 100644
--- a/src/util.c
+++ b/src/util.c
@@ -27,9 +27,9 @@ get_resolvconf_addr(void)
 	FILE *fp;
 #ifdef ANDROID
 	fp = popen("getprop net.dns1", "r");
-	if (fp == NULL)
+	if (!fp)
 		err(1, "getprop net.dns1 failed");
-	if (fgets(buf, sizeof(buf), fp) == NULL)
+	if (!fgets(buf, sizeof(buf), fp))
 		err(1, "read getprop net.dns1 failed");
 	if (sscanf(buf, "%15s", addr) == 1)
 		rv = addr;
@@ -38,7 +38,7 @@ get_resolvconf_addr(void)
 	
 	rv = NULL;
 
-	if ((fp = fopen("/etc/resolv.conf", "r")) == NULL) 
+	if (!(fp = fopen("/etc/resolv.conf", "r")))
 		err(1, "/etc/resolv.conf");
 	
 	while (feof(fp) == 0) {

From b59b665b7735a44559f31614889487f97f4e0474 Mon Sep 17 00:00:00 2001
From: syb0rg <darksyb0rg@gmail.com>
Date: Wed, 23 Apr 2014 20:04:24 -0500
Subject: [PATCH 7/9] Declare counter variables within for loops for lowest
 scope.

---
 src/base128.c  |  3 +--
 src/base32.c   |  3 +--
 src/base64.c   |  3 +--
 src/base64u.c  |  3 +--
 src/client.c   | 35 ++++++++++++-----------------------
 src/common.c   | 15 +++++----------
 src/dns.c      |  3 +--
 src/fw_query.c |  4 +---
 src/login.c    |  3 +--
 src/md5.c      |  8 +++-----
 src/tun.c      |  3 +--
 src/user.c     | 29 +++++++++++------------------
 12 files changed, 39 insertions(+), 73 deletions(-)

diff --git a/src/base128.c b/src/base128.c
index 7c77692..9f1d025 100644
--- a/src/base128.c
+++ b/src/base128.c
@@ -96,12 +96,11 @@ base128_blksize_enc(void)
 inline static void
 base128_reverse_init(void)
 {
-	int i;
 	unsigned char c;
 
 	if (!reverse_init) {
 		memset (rev128, 0, 256);
-		for (i = 0; i < 128; i++) {
+		for (int i = 0; i < 128; i++) {
 			c = cb128[i];
 			rev128[(int) c] = i;
 		}
diff --git a/src/base32.c b/src/base32.c
index 4492899..423bf8b 100644
--- a/src/base32.c
+++ b/src/base32.c
@@ -74,12 +74,11 @@ base32_blksize_enc(void)
 inline static void
 base32_reverse_init(void)
 {
-	int i;
 	unsigned char c;
 
 	if (!reverse_init) {
 		memset (rev32, 0, 256);
-		for (i = 0; i < 32; i++) {
+		for (int i = 0; i < 32; i++) {
 			c = cb32[i];
 			rev32[(int) c] = i;
 			c = cb32_ucase[i];
diff --git a/src/base64.c b/src/base64.c
index aeca1de..10ecb6e 100644
--- a/src/base64.c
+++ b/src/base64.c
@@ -75,12 +75,11 @@ base64_blksize_enc(void)
 inline static void
 base64_reverse_init(void)
 {
-	int i;
 	unsigned char c;
 
 	if (!reverse_init) {
 		memset (rev64, 0, 256);
-		for (i = 0; i < 64; i++) {
+		for (int i = 0; i < 64; i++) {
 			c = cb64[i];
 			rev64[(int) c] = i;
 		}
diff --git a/src/base64u.c b/src/base64u.c
index 3c81e93..e16cb50 100644
--- a/src/base64u.c
+++ b/src/base64u.c
@@ -76,12 +76,11 @@ base64u_blksize_enc(void)
 inline static void
 base64u_reverse_init(void)
 {
-	int i;
 	unsigned char c;
 
 	if (!reverse_init) {
 		memset (rev64, 0, 256);
-		for (i = 0; i < 64; i++) {
+		for (int i = 0; i < 64; i++) {
 			c = cb64[i];
 			rev64[(int) c] = i;
 		}
diff --git a/src/client.c b/src/client.c
index 6f7740d..dcab784 100644
--- a/src/client.c
+++ b/src/client.c
@@ -1835,7 +1835,6 @@ handshake_qtypetest(int dns_fd, int timeout)
 	char *s = DOWNCODECCHECK1;
         int slen = DOWNCODECCHECK1_LEN;
 	int trycodec;
-	int k;
 
 	if (do_qtype == T_NULL)
 		trycodec = 'R';
@@ -1852,7 +1851,7 @@ handshake_qtypetest(int dns_fd, int timeout)
 	if (read != slen)
 		return 0;	/* incorrect */
 
-	for (k = 0; k < slen; k++) {
+	for (int k = 0; k < slen; k++) {
 		if (in[k] != s[k]) {
 			/* corrupted */
 			return 0;
@@ -1885,8 +1884,6 @@ handshake_qtype_autodetect(int dns_fd)
 */
 {
 	int highestworking = 100;
-	int timeout;
-	int qtypenum;
 
 	fprintf(stderr, "Autodetecting DNS query type (use -T to override)");
 	fflush(stderr);
@@ -1901,8 +1898,8 @@ handshake_qtype_autodetect(int dns_fd)
 	   to see if things will start working after a while.
 	 */
 
-	for (timeout = 1; running && timeout <= 3; timeout++) {
-		for (qtypenum = 0; running && qtypenum < highestworking; qtypenum++) {
+	for (int timeout = 1; running && timeout <= 3; timeout++) {
+		for (int qtypenum = 0; running && qtypenum < highestworking; qtypenum++) {
 			do_qtype = handshake_qtype_numcvt(qtypenum);
 			if (do_qtype == T_UNSET)
 				break;	/* this round finished */
@@ -1957,7 +1954,6 @@ handshake_edns0_check(int dns_fd)
 */
 {
 	char in[4096];
-	int i;
 	int read;
 	char *s = DOWNCODECCHECK1;
         int slen = DOWNCODECCHECK1_LEN;
@@ -1968,7 +1964,7 @@ handshake_edns0_check(int dns_fd)
 	else
 		trycodec = 'T';
 
-	for (i=0; running && i<3 ;i++) {
+	for (int i=0; running && i<3 ;i++) {
 
 		send_downenctest(dns_fd, trycodec, 1, NULL, 0);
 
@@ -1981,8 +1977,7 @@ handshake_edns0_check(int dns_fd)
 			return 0;	/* reply incorrect = unreliable */
 
 		if (read > 0) {
-			int k;
-			for (k = 0; k < slen; k++) {
+			for (int k = 0; k < slen; k++) {
 				if (in[k] != s[k]) {
 					/* Definitely not reliable */
 					return 0;
@@ -2003,7 +1998,6 @@ static void
 handshake_switch_codec(int dns_fd, int bits)
 {
 	char in[4096];
-	int i;
 	int read;
 	struct encoder *tempenc;
 
@@ -2019,7 +2013,7 @@ handshake_switch_codec(int dns_fd, int bits)
 
 	fprintf(stderr, "Switching upstream to codec %s\n", tempenc->name);
 
-	for (i=0; running && i<5 ;i++) {
+	for (int i=0; running && i<5 ;i++) {
 
 		send_codec_switch(dns_fd, userid, bits);
 		
@@ -2057,7 +2051,6 @@ static void
 handshake_switch_downenc(int dns_fd)
 {
 	char in[4096];
-	int i;
 	int read;
 	char *dname;
 
@@ -2072,7 +2065,7 @@ handshake_switch_downenc(int dns_fd)
 		dname = "Raw";
 
 	fprintf(stderr, "Switching downstream to codec %s\n", dname);
-	for (i=0; running && i<5 ;i++) {
+	for (int i=0; running && i<5 ;i++) {
 
 		send_downenc_switch(dns_fd, userid);
 
@@ -2109,11 +2102,10 @@ static void
 handshake_try_lazy(int dns_fd)
 {
 	char in[4096];
-	int i;
 	int read;
 
 	fprintf(stderr, "Switching to lazy mode for low-latency\n");
-	for (i=0; running && i<5; i++) {
+	for (int i=0; running && i<5; i++) {
 
 		send_lazy_switch(dns_fd, userid);
 
@@ -2154,10 +2146,9 @@ handshake_lazyoff(int dns_fd)
 /* Used in the middle of data transfer, timing is different and no error msgs */
 {
 	char in[4096];
-	int i;
 	int read;
 
-	for (i=0; running && i<5; i++) {
+	for (int i=0; running && i<5; i++) {
 
 		send_lazy_switch(dns_fd, userid);
 
@@ -2182,8 +2173,8 @@ fragsize_check(char *in, int read, int proposed_fragsize, int *max_fragsize)
 {
 	int acked_fragsize = ((in[0] & 0xff) << 8) | (in[1] & 0xff);
 	int okay;
-	int i;
 	unsigned int v;
+	int i;
 
 	if (read >= 5 && strncmp("BADIP", in, 5) == 0) {
 		fprintf(stderr, "got BADIP (Try iodined -c)..\n");
@@ -2253,7 +2244,6 @@ static int
 handshake_autoprobe_fragsize(int dns_fd)
 {
 	char in[4096];
-	int i;
 	int read;
 	int proposed_fragsize = 768;
 	int range = 768;
@@ -2263,7 +2253,7 @@ handshake_autoprobe_fragsize(int dns_fd)
 	fprintf(stderr, "Autoprobing max downstream fragment size... (skip with -m fragsize)\n"); 
 	while (running && range > 0 && (range >= 8 || max_fragsize < 300)) {
 		/* stop the slow probing early when we have enough bytes anyway */
-		for (i=0; running && i<3 ;i++) {
+		for (int i=0; running && i<3 ;i++) {
 
 			send_fragsize_probe(dns_fd, proposed_fragsize);
 
@@ -2327,11 +2317,10 @@ static void
 handshake_set_fragsize(int dns_fd, int fragsize)
 {
 	char in[4096];
-	int i;
 	int read;
 
 	fprintf(stderr, "Setting downstream fragment size to max %d...\n", fragsize);
-	for (i=0; running && i<5 ;i++) {
+	for (int i=0; running && i<5 ;i++) {
 
 		send_set_downstream_fragsize(dns_fd, fragsize);
 
diff --git a/src/common.c b/src/common.c
index ec051bd..d7088c0 100644
--- a/src/common.c
+++ b/src/common.c
@@ -59,7 +59,7 @@ const unsigned char raw_header[RAW_HDR_LEN] = { 0x10, 0xd1, 0x9e, 0x00 };
 #if !defined(ANDROID) && !defined(WINDOWS32) && !(defined(BSD) && (BSD >= 199306)) && !defined(__GLIBC__)
 static int daemon(int nochdir, int noclose)
 {
- 	int fd, i;
+ 	int fd;
  
  	switch (fork()) {
  		case 0:
@@ -80,7 +80,7 @@ static int daemon(int nochdir, int noclose)
  	
  	if (!noclose) {
  		if ((fd = open("/dev/null", O_RDWR)) >= 0) {
- 			for (i = 0; i < 3; i++) {
+ 			for (int i = 0; i < 3; i++) {
  				dup2(fd, i);
  			}
  			if (fd > 2) {
@@ -293,8 +293,6 @@ read_password(char *buf, size_t len)
 	
 	tp.c_lflag &= (~ECHO);
 	tcsetattr(0, TCSANOW, &tp);
-#else
-	int i;
 #endif
 
 	fprintf(stderr, "Enter password: ");
@@ -302,7 +300,7 @@ read_password(char *buf, size_t len)
 #ifndef WINDOWS32
 	fscanf(stdin, "%79[^\n]", pwd);
 #else
-	for (i = 0; i < sizeof(pwd); i++) {
+	for (int i = 0; i < sizeof(pwd); i++) {
 		pwd[i] = getch();
 		if (pwd[i] == '\r' || pwd[i] == '\n') {
 			pwd[i] = 0;
@@ -326,12 +324,10 @@ read_password(char *buf, size_t len)
 int
 check_topdomain(char *str)
 {
-       int i;
-
        if(str[0] == '.') /* special case */
                return 1;
 
-       for( i = 0; i < strlen(str); i++) {
+       for(int i = 0; i < strlen(str); i++) {
                if( isalpha(str[i]) || isdigit(str[i]) || str[i] == '-' || str[i] == '.' )
                        continue;
                else 
@@ -407,8 +403,7 @@ int recent_seqno(int ourseqno, int gotseqno)
    Return 0 if gotseqno is new (or very old).
 */
 {
-	int i;
-	for (i = 0; i < 4; i++, ourseqno--) {
+	for (int i = 0; i < 4; i++, ourseqno--) {
 		if (ourseqno < 0)
 			ourseqno = 7;
 		if (gotseqno == ourseqno)
diff --git a/src/dns.c b/src/dns.c
index 938751a..44a1d9e 100644
--- a/src/dns.c
+++ b/src/dns.c
@@ -508,11 +508,10 @@ dns_decode(char *buf, size_t buflen, struct query *q, qr_t qr, char *packet, siz
 			char names[250][QUERY_NAME_SIZE];
 			char *rdatastart;
 			short pref;
-			int i;
 			int offset;
 
 			memset(names, 0, sizeof(names));
-
+			int i;
 			for (i=0; i < ancount; i++) {
 				readname(packet, packetlen, &data, name, sizeof(name));
 				CHECKLEN(12);
diff --git a/src/fw_query.c b/src/fw_query.c
index f39ec15..4288fbe 100644
--- a/src/fw_query.c
+++ b/src/fw_query.c
@@ -37,10 +37,8 @@ void fw_query_put(struct fw_query *fw_query)
 
 void fw_query_get(unsigned short query_id, struct fw_query **fw_query)
 {
-	int i;
-
 	*fw_query = NULL;
-	for (i = 0; i < FW_QUERY_CACHE_SIZE; i++) {
+	for (int i = 0; i < FW_QUERY_CACHE_SIZE; i++) {
 		if (fwq[i].id == query_id) {
 			*fw_query = &(fwq[i]);
 			return;
diff --git a/src/login.c b/src/login.c
index c562050..fde52de 100644
--- a/src/login.c
+++ b/src/login.c
@@ -35,7 +35,6 @@ login_calculate(char *buf, int buflen, const char *pass, int seed)
 	unsigned char temp[32];
 	md5_state_t ctx;
 	int *ix;
-	int i;
 	int k;
 
 	if (buflen < 16) 
@@ -44,7 +43,7 @@ login_calculate(char *buf, int buflen, const char *pass, int seed)
 	memcpy(temp, pass, 32);
 	ix = (int*) temp;
 
-	for (i = 0; i < 8; i++) {
+	for (int i = 0; i < 8; i++) {
 		k = ntohl(*ix);
 		k ^= seed;
 		*ix++ = htonl(k);
diff --git a/src/md5.c b/src/md5.c
index 89d3d5e..1b71e1d 100644
--- a/src/md5.c
+++ b/src/md5.c
@@ -181,14 +181,13 @@ md5_process(md5_state_t *pms, const md5_byte_t *data /*[64]*/)
 	     * right order.
 	     */
 	    const md5_byte_t *xp = data;
-	    int i;
 
 #  if BYTE_ORDER == 0
 	    X = xbuf;		/* (dynamic only) */
 #  else
 #    define xbuf X		/* (static only) */
 #  endif
-	    for (i = 0; i < 16; ++i, xp += 4)
+	    for (int i = 0; i < 16; ++i, xp += 4)
 		xbuf[i] = xp[0] + (xp[1] << 8) + (xp[2] << 16) + (xp[3] << 24);
 	}
 #endif
@@ -367,16 +366,15 @@ md5_finish(md5_state_t *pms, md5_byte_t digest[16])
 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
     };
     md5_byte_t data[8];
-    int i;
 
     /* Save the length before padding. */
-    for (i = 0; i < 8; ++i)
+    for (int i = 0; i < 8; ++i)
 	data[i] = (md5_byte_t)(pms->count[i >> 2] >> ((i & 3) << 3));
     /* Pad to 56 bytes mod 64. */
     md5_append(pms, pad, ((55 - (pms->count[0] >> 3)) & 63) + 1);
     /* Append the length. */
     md5_append(pms, data, 8);
-    for (i = 0; i < 16; ++i)
+    for (int i = 0; i < 16; ++i)
 	digest[i] = (md5_byte_t)(pms->abcd[i >> 2] >> ((i & 3) << 3));
 }
 
diff --git a/src/tun.c b/src/tun.c
index 457efe6..a1ce91d 100644
--- a/src/tun.c
+++ b/src/tun.c
@@ -437,7 +437,6 @@ tun_setip(const char *ip, const char *other_ip, int netbits)
 	char cmdline[512];
 	int netmask;
 	struct in_addr net;
-	int i;
 #ifndef LINUX
 	int r;
 #endif
@@ -450,7 +449,7 @@ tun_setip(const char *ip, const char *other_ip, int netbits)
 	const char *display_ip;
 
 	netmask = 0;
-	for (i = 0; i < netbits; i++) {
+	for (int i = 0; i < netbits; i++) {
 		netmask = (netmask << 1) | 1;
 	}
 	netmask <<= (32 - netbits);
diff --git a/src/user.c b/src/user.c
index 47522c7..fc217e6 100644
--- a/src/user.c
+++ b/src/user.c
@@ -39,7 +39,6 @@ unsigned usercount;
 int
 init_users(in_addr_t my_ip, int netbits)
 {
-	int i;
 	int skip = 0;
 	char newip[16];
 
@@ -49,7 +48,7 @@ init_users(in_addr_t my_ip, int netbits)
 	struct in_addr net;
 	struct in_addr ipstart;
 
-	for (i = 0; i < netbits; i++) {
+	for (int i = 0; i < netbits; i++) {
 		netmask = (netmask << 1) | 1;
 	}
 	netmask <<= (32 - netbits);
@@ -60,7 +59,7 @@ init_users(in_addr_t my_ip, int netbits)
 	usercount = MIN(maxusers, USERS);
 	
 	users = calloc(usercount, sizeof(struct tun_user));
-	for (i = 0; i < usercount; i++) {
+	for (int i = 0; i < usercount; i++) {
 		in_addr_t ip;
 		users[i].id = i;
 		snprintf(newip, sizeof(newip), "0.0.0.%d", i + skip + 1);
@@ -92,11 +91,9 @@ users_get_first_ip(void)
 int
 users_waiting_on_reply(void)
 {
-	int ret;
-	int i;
+	int ret = 0;
 
-	ret = 0;
-	for (i = 0; i < usercount; i++) {
+	for (int i = 0; i < usercount; i++) {
 		if (users[i].active && !users[i].disabled && 
 			users[i].last_pkt + 60 > time(NULL) &&
 			users[i].q.id != 0 && users[i].conn == CONN_DNS_NULL) {
@@ -110,11 +107,9 @@ users_waiting_on_reply(void)
 int
 find_user_by_ip(uint32_t ip)
 {
-	int ret;
-	int i;
+	int ret = -1;
 
-	ret = -1;
-	for (i = 0; i < usercount; i++) {
+	for (int i = 0; i < usercount; i++) {
 		if (users[i].active && !users[i].disabled &&
 			users[i].last_pkt + 60 > time(NULL) &&
 			ip == users[i].tun_ip) {
@@ -134,12 +129,10 @@ all_users_waiting_to_send(void)
 */
 {
 	time_t now;
-	int ret;
-	int i;
-
-	ret = 1;
+	int ret = 1;
 	now = time(NULL);
-	for (i = 0; i < usercount; i++) {
+
+	for (int i = 0; i < usercount; i++) {
 		if (users[i].active && !users[i].disabled &&
 			users[i].last_pkt + 60 > now &&
 			((users[i].conn == CONN_RAW_UDP) || 
@@ -162,8 +155,8 @@ int
 find_available_user(void)
 {
 	int ret = -1;
-	int i;
-	for (i = 0; i < usercount; i++) {
+
+	for (int i = 0; i < usercount; i++) {
 		/* Not used at all or not used in one minute */
 		if ((!users[i].active || users[i].last_pkt + 60 < time(NULL)) && !users[i].disabled) {
 			users[i].active = 1;

From b6444d7712102919d445c217bd6c5f7094ca7db3 Mon Sep 17 00:00:00 2001
From: syb0rg <darksyb0rg@gmail.com>
Date: Thu, 24 Apr 2014 10:36:57 -0500
Subject: [PATCH 8/9] Fix NULL check.

---
 src/common.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/common.c b/src/common.c
index d7088c0..3c5d1a4 100644
--- a/src/common.c
+++ b/src/common.c
@@ -255,7 +255,7 @@ do_pidfile(char *pidfile)
 #ifndef WINDOWS32
 	FILE *file;
 
-	if ((file = fopen(pidfile, "w"))) {
+	if (!(file = fopen(pidfile, "w"))) {
 		syslog(LOG_ERR, "Cannot write pidfile to %s, exiting", pidfile);
 		err(1, "do_pidfile: Can not write pidfile to %s", pidfile);
 	} else {

From 3d4b73b65ed3024fdaf8899e1ce350082119e05d Mon Sep 17 00:00:00 2001
From: syb0rg <darksyb0rg@gmail.com>
Date: Thu, 24 Apr 2014 10:41:26 -0500
Subject: [PATCH 9/9] Remove file produced by Makefile.

---
 src/base64u.c | 204 --------------------------------------------------
 1 file changed, 204 deletions(-)
 delete mode 100644 src/base64u.c

diff --git a/src/base64u.c b/src/base64u.c
deleted file mode 100644
index e16cb50..0000000
--- a/src/base64u.c
+++ /dev/null
@@ -1,204 +0,0 @@
-/* No use in editing, produced by Makefile! */
-/*
- * Copyright (c) 2006-2009 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
- * Mostly rewritten 2009 J.A.Bezemer@opensourcepartners.nl
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "encoding.h"
-#include "base64u.h"
-
-#define BLKSIZE_RAW 3
-#define BLKSIZE_ENC 4
-
-/* Note: the "unofficial" char is last here, which means that the \377 pattern
-   in DOWNCODECCHECK1 ('Y' request) will properly test it. */
-static const char cb64[] = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-0123456789_";
-static unsigned char rev64[256];
-static int reverse_init = 0;
-
-static int base64u_encode(char *, size_t *, const void *, size_t);
-static int base64u_decode(void *, size_t *, const char *, size_t);
-static int base64u_handles_dots();
-static int base64u_blksize_raw();
-static int base64u_blksize_enc();
-
-static struct encoder base64u_encoder =
-{
-	"Base64u",
-	base64u_encode,
-	base64u_decode,
-	base64u_handles_dots,
-	base64u_handles_dots,
-	base64u_blksize_raw,
-	base64u_blksize_enc
-};
-
-struct encoder
-*get_base64u_encoder(void)
-{
-	return &base64u_encoder;
-}
-
-static int 
-base64u_handles_dots(void)
-{
-	return 0;
-}
-
-static int 
-base64u_blksize_raw(void)
-{
-	return BLKSIZE_RAW;
-}
-
-static int 
-base64u_blksize_enc(void)
-{
-	return BLKSIZE_ENC;
-}
-
-inline static void
-base64u_reverse_init(void)
-{
-	unsigned char c;
-
-	if (!reverse_init) {
-		memset (rev64, 0, 256);
-		for (int i = 0; i < 64; i++) {
-			c = cb64[i];
-			rev64[(int) c] = i;
-		}
-		reverse_init = 1;
-	}
-}
-
-static int 
-base64u_encode(char *buf, size_t *buflen, const void *data, size_t size)
-/*
- * Fills *buf with max. *buflen characters, encoding size bytes of *data.
- *
- * NOTE: *buf space should be at least 1 byte _more_ than *buflen
- * to hold the trailing '\0'.
- *
- * return value    : #bytes filled in buf   (excluding \0)
- * sets *buflen to : #bytes encoded from data
- */
-{
-	unsigned char *udata = (unsigned char *) data;
-	int iout = 0;	/* to-be-filled output char */
-	int iin = 0;	/* one more than last input byte that can be
-			   successfully decoded */
-
-	/* Note: Don't bother to optimize manually. GCC optimizes
-	   better(!) when using simplistic array indexing. */
-
-	while (1) {
-		if (iout >= *buflen || iin >= size)
-			break;
-		buf[iout] = cb64[((udata[iin] & 0xfc) >> 2)];
-		iout++;
-
-		if (iout >= *buflen || iin >= size) {
-			iout--;		/* previous char is useless */
-			break;
-		}
-		buf[iout] = cb64[((udata[iin] & 0x03) << 4) |
-				  ((iin + 1 < size) ?
-				   ((udata[iin + 1] & 0xf0) >> 4) : 0)];
-		iin++;			/* 0 complete, iin=1 */
-		iout++;
-
-		if (iout >= *buflen || iin >= size)
-			break;
-		buf[iout] = cb64[((udata[iin] & 0x0f) << 2 ) |
-				  ((iin + 1 < size) ?
-				   ((udata[iin + 1] & 0xc0) >> 6) : 0)];
-		iin++;			/* 1 complete, iin=2 */
-		iout++;
-
-		if (iout >= *buflen || iin >= size)
-			break;
-		buf[iout] = cb64[(udata[iin] & 0x3f)];
-		iin++;			/* 2 complete, iin=3 */
-		iout++;
-	}
-
-	buf[iout] = '\0';
-
-	/* store number of bytes from data that was used */
-	*buflen = iin;
-
-	return iout;
-}
-
-#define REV64(x) rev64[(int) (x)]
-
-static int
-base64u_decode(void *buf, size_t *buflen, const char *str, size_t slen)
-/*
- * Fills *buf with max. *buflen bytes, decoded from slen chars in *str.
- * Decoding stops early when *str contains \0.
- * Illegal encoded chars are assumed to decode to zero.
- *
- * NOTE: *buf space should be at least 1 byte _more_ than *buflen
- * to hold a trailing '\0' that is added (though *buf will usually
- * contain full-binary data).
- *
- * return value    : #bytes filled in buf   (excluding \0)
- */
-{
-	unsigned char *ubuf = (unsigned char *) buf;
-	int iout = 0;	/* to-be-filled output byte */
-	int iin = 0;	/* next input char to use in decoding */
-
-	base64u_reverse_init ();
-
-	/* Note: Don't bother to optimize manually. GCC optimizes
-	   better(!) when using simplistic array indexing. */
-
-	while (1) {
-		if (iout >= *buflen || iin + 1 >= slen ||
-		    str[iin] == '\0' || str[iin + 1] == '\0')
-			break;
-		ubuf[iout] = ((REV64(str[iin]) & 0x3f) << 2) | 
-			     ((REV64(str[iin + 1]) & 0x30) >> 4);
-		iin++;  		/* 0 used up, iin=1 */
-		iout++;
-
-		if (iout >= *buflen || iin + 1 >= slen ||
-		    str[iin] == '\0' || str[iin + 1] == '\0')
-			break;
-		ubuf[iout] = ((REV64(str[iin]) & 0x0f) << 4) | 
-			     ((REV64(str[iin + 1]) & 0x3c) >> 2);
-		iin++;  		/* 1 used up, iin=2 */
-		iout++;
-
-		if (iout >= *buflen || iin + 1 >= slen ||
-		    str[iin] == '\0' || str[iin + 1] == '\0')
-			break;
-		ubuf[iout] = ((REV64(str[iin]) & 0x03) << 6) |
-			     (REV64(str[iin + 1]) & 0x3f);
-		iin += 2;  		/* 2,3 used up, iin=4 */
-		iout++;
-	}
-
-	ubuf[iout] = '\0';
-
-	return iout;
-}