From 788731b320f87db9dc99638d2e3cf94bca245c6d Mon Sep 17 00:00:00 2001
From: Thomas Jarosch <thomas.jarosch@intra2net.com>
Date: Thu, 13 Oct 2011 10:30:21 +0200
Subject: [PATCH] Fix unterminated readlink() buffer usage

Signed-off-by: Thomas Jarosch <thomas.jarosch@intra2net.com>
---
 misc/ss.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/misc/ss.c b/misc/ss.c
index b00841bc..13536207 100644
--- a/misc/ss.c
+++ b/misc/ss.c
@@ -273,13 +273,19 @@ static void user_ent_hash_build(void)
 			unsigned int ino;
 			char lnk[64];
 			int fd;
+			ssize_t link_len;
 
 			if (sscanf(d1->d_name, "%d%c", &fd, &crap) != 1)
 				continue;
 
 			sprintf(name+pos, "%d", fd);
-			if (readlink(name, lnk, sizeof(lnk)-1) < 0 ||
-			    strncmp(lnk, pattern, strlen(pattern)))
+
+			link_len = readlink(name, lnk, sizeof(lnk)-1);
+			if (link_len == -1)
+				continue;
+			lnk[link_len] = '\0';
+
+			if (strncmp(lnk, pattern, strlen(pattern)))
 				continue;
 
 			sscanf(lnk, "socket:[%u]", &ino);