Merge pull request #37 from charlesUnixPro/master

Fix telnet->q allocator to function as documented.

Author: Sean Middleditch

libtelnet.c

@@ -103,7 +103,9 @@ struct telnet_t {
 	/* current subnegotiation telopt */
 	unsigned char sb_telopt;
 	/* length of RFC1143 queue */
-	unsigned char q_size;
+	unsigned int q_size;
+	/* number of entries in RFC1143 queue */
+	unsigned int q_cnt;
 };
 
 /* RFC1143 option negotiation state */
@@ -129,6 +131,9 @@ static const size_t _buffer_sizes[] = { 0, 512, 2048, 8192, 16384, };
 static const size_t _buffer_sizes_count = sizeof(_buffer_sizes) /
 		sizeof(_buffer_sizes[0]);
 
+/* RFC1143 option negotiation state table allocation quantum */
+#define Q_BUFFER_GROWTH_QUANTUM 4
+
 /* error generation function */
 static telnet_error_t _error(telnet_t *telnet, unsigned line,
 		const char* func, telnet_error_t err, int fatal, const char *fmt,
@@ -262,7 +267,7 @@ static INLINE int _check_telopt(telnet_t *telnet, unsigned char telopt,
 	if (telnet->telopts == 0)
 		return 0;
 
-	/* loop unti found or end marker (us and him both 0) */
+	/* loop until found or end marker (us and him both 0) */
 	for (i = 0; telnet->telopts[i].telopt != -1; ++i) {
 		if (telnet->telopts[i].telopt == telopt) {
 			if (us && telnet->telopts[i].us == TELNET_WILL)
@@ -285,7 +290,7 @@ static INLINE telnet_rfc1143_t _get_rfc1143(telnet_t *telnet,
 	int i;
 
 	/* search for entry */
-	for (i = 0; i != telnet->q_size; ++i) {
+	for (i = 0; i != telnet->q_cnt; ++i) {
 		if (telnet->q[i].telopt == telopt) {
 			return telnet->q[i];
 		}
@@ -304,7 +309,7 @@ static INLINE void _set_rfc1143(telnet_t *telnet, unsigned char telopt,
 	int i;
 
 	/* search for entry */
-	for (i = 0; i != telnet->q_size; ++i) {
+	for (i = 0; i != telnet->q_cnt; ++i) {
 		if (telnet->q[i].telopt == telopt) {
 			telnet->q[i].state = Q_MAKE(us,him);
 			if (telopt != TELNET_TELOPT_BINARY)
@@ -325,17 +330,26 @@ static INLINE void _set_rfc1143(telnet_t *telnet, unsigned char telopt,
 	 * to the number of enabled options for most simple code, and it
 	 * allows for an acceptable number of reallocations for complex code.
 	 */
-	if ((qtmp = (telnet_rfc1143_t *)realloc(telnet->q,
-			sizeof(telnet_rfc1143_t) * (telnet->q_size + 4))) == 0) {
-		_error(telnet, __LINE__, __func__, TELNET_ENOMEM, 0,
-				"realloc() failed: %s", strerror(errno));
-		return;
+
+    /* Did we reach the end of the table? */
+	if (telnet->q_cnt >= telnet->q_size) {
+		/* Expand the size */
+		if ((qtmp = (telnet_rfc1143_t *)realloc(telnet->q,
+			sizeof(telnet_rfc1143_t) *
+            	(telnet->q_size + Q_BUFFER_GROWTH_QUANTUM))) == 0) {
+			_error(telnet, __LINE__, __func__, TELNET_ENOMEM, 0,
+					"realloc() failed: %s", strerror(errno));
+			return;
+		}
+		memset(&qtmp[telnet->q_size], 0, sizeof(telnet_rfc1143_t) *
+			Q_BUFFER_GROWTH_QUANTUM);
+		telnet->q = qtmp;
+		telnet->q_size += Q_BUFFER_GROWTH_QUANTUM;
 	}
-	memset(&qtmp[telnet->q_size], 0, sizeof(telnet_rfc1143_t) * 4);
-	telnet->q = qtmp;
-	telnet->q[telnet->q_size].telopt = telopt;
-	telnet->q[telnet->q_size].state = Q_MAKE(us, him);
-	telnet->q_size += 4;
+	/* Add entry to end of table */
+	telnet->q[telnet->q_cnt].telopt = telopt;
+	telnet->q[telnet->q_cnt].state = Q_MAKE(us, him);
+	++telnet->q_cnt;
 }
 
 /* send negotiation bytes */
@@ -909,8 +923,9 @@ void telnet_free(telnet_t *telnet) {
 	/* free RFC1143 queue */
 	if (telnet->q) {
 		free(telnet->q);
-		telnet->q = 0;
+		telnet->q = NULL;
 		telnet->q_size = 0;
+		telnet->q_cnt = 0;
 	}
 
 	/* free the telnet structure itself */