zmp fixes (great track record here, eh?)
diff --git a/libtelnet.c b/libtelnet.c
index 93b4765..6999610 100644
--- a/libtelnet.c
+++ b/libtelnet.c
@@ -412,7 +412,7 @@
 			return 0;
 
 		/* count arguments */
-		while (c != telnet->buffer + telnet->buffer_pos + 1) {
+		while (c != telnet->buffer + telnet->buffer_pos) {
 			++argc;
 			c += strlen(c) + 1;
 		}
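Review bot: The corrected loop `while (c != telnet->buffer + telnet->buffer_pos)` still terminates only on exact pointer equality, so it is safe only if the last buffered byte is a NUL. The check that would establish this sits above the hunk (only its `return 0;` is visible) and should be confirmed. Because the buffer holds subnegotiation data from the remote peer, a payload without a trailing NUL would let `strlen(c)` read past `buffer_pos`, and `c` would step over the end without ever matching. I would write the condition as `while (c < telnet->buffer + telnet->buffer_pos) {` and add a comment such as `/* buffer ends in NUL (validated above), so each strlen() stays inside it */`. The enclosing function starts and ends outside the hunk.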
@@ -641,8 +641,9 @@
 						"unexpected byte after IAC inside SB: %d",
 						byte);
 
-				/* ready for next bytes */
+				/* enter IAC state */
 				start = i + 1;
+				telnet->state = TELNET_STATE_IAC;
 
 				/* process subnegotiation; see comment in
 				 * TELNET_STATE_SB_DATA_IAC about invoking telnet_recv()
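Review bot: Setting `telnet->state = TELNET_STATE_IAC;` before the subnegotiation is processed changes the state on every path that follows, not only in the branch that re-feeds `byte` through `_process()`. The branch between this hunk and the next is not visible here. If it resumes parsing from `start = i + 1` (the comment mentions invoking telnet_recv()), the parser would be in IAC state while the byte that actually followed IAC has been skipped, so the next byte from the peer would be read as a command. Please confirm that this path either reprocesses `byte` or is meant to resume in IAC state, and record the decision in the comment, e.g. `/* enter IAC state; the current byte is re-fed below as the IAC command */`. The enclosing case starts and ends outside the hunk.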
@@ -655,7 +656,6 @@
 					 * as a regular IAC command.  we could use a goto, but
 					 * that would be gross.
 					 */
-					telnet->state = TELNET_STATE_IAC;
 					_process(telnet, (char *)&byte, 1);
 				}
 				break;