From fdcbba2bd97ac1bb512f820755602afc8a1e7c7e Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Fri, 18 Mar 2011 17:47:34 -0700
Subject: [PATCH 1/1] config: fix possible access of non-allocated memory

Caused by determining the comment character in a line.
---
 config.c | 23 +++++++++++++++--------
 1 file changed, 15 insertions(+), 8 deletions(-)

diff --git a/config.c b/config.c
index 9326c71..42a0384 100644
--- a/config.c
+++ b/config.c
@@ -327,6 +327,7 @@ void bti_parse_configfile(struct session *session)
 char *line = NULL;
 char *key = NULL;
 char *value = NULL;
+ char *hashmarker;
 size_t len = 0;
 ssize_t n;
 char *c;
@@ -344,14 +345,20 @@ void bti_parse_configfile(struct session *session)
 if (line[n - 1] == '\n')
 line[n - 1] = '\0';
- /* '#' is comment markers, like bash style
- but it is a valid character in some fields, so
- only treat it as a comment marker if it occurs
- at the beginning of the line, or after whitespace */
- char *hashmarker = strchrnul(line, '#');
- if (line == hashmarker) line[0] = '\0';
- if (*(--hashmarker) == ' ' || *hashmarker == '\t')
- *hashmarker = '\0';
+ /*
+ * '#' is comment markers, like bash style but it is a valid
+ * character in some fields, so only treat it as a comment
+ * marker if it occurs at the beginning of the line, or after
+ * whitespace
+ */
+ hashmarker = strchrnul(line, '#');
+ if (line == hashmarker)
+ line[0] = '\0';
+ else {
+ --hashmarker;
+ if (isblank(hashmarker[0]))
+ hashmarker[0] = '\0';
+ }
 c = line;
 while (isspace(*c))
 c++;
-- 
2.39.5
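Review bot: In the second hunk, `isblank(hashmarker[0])` passes a plain `char`, so where `char` is signed a byte above 0x7f just before the `#` (for example the tail of a UTF-8 sequence in a value) becomes a negative argument, which is undefined for the `<ctype.h>` functions; cast it, `if (isblank((unsigned char)hashmarker[0]))`. The unchanged `while (isspace(*c))` just below has the same problem. Separately, only the first `#` on the line is examined, so when that first `#` sits inside a value any later ` # comment` text stays part of the value; if that is intended, the comment block should say so. The body of bti_parse_configfile starts and ends outside the hunk.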