diff --git a/hadoop-common-project/hadoop-common/src/main/native/src/org/apache/hadoop/net/unix/DomainSocket.c b/hadoop-common-project/hadoop-common/src/main/native/src/org/apache/hadoop/net/unix/DomainSocket.c
index cf34c525323..4502a1fd2af 100644
--- a/hadoop-common-project/hadoop-common/src/main/native/src/org/apache/hadoop/net/unix/DomainSocket.c
+++ b/hadoop-common-project/hadoop-common/src/main/native/src/org/apache/hadoop/net/unix/DomainSocket.c
@@ -276,12 +276,13 @@ JNIEnv *env, jclass clazz, jobject jstr, jint skipComponents)
   jthrowable jthr = NULL;
 
   utfLength = (*env)->GetStringUTFLength(env, jstr);
-  if (utfLength > sizeof(path)) {
+  if (utfLength > (sizeof(path)-1)) {
     jthr = newIOException(env, "path is too long!  We expected a path "
-        "no longer than %zd UTF-8 bytes.", sizeof(path));
+        "no longer than %zd UTF-8 bytes.", (sizeof(path)-1));
     goto done;
   }
   (*env)->GetStringUTFRegion(env, jstr, 0, utfLength, path);
+  path [ utfLength ] = 0;
   jthr = (*env)->ExceptionOccurred(env);
   if (jthr) {
     (*env)->ExceptionClear(env);
@@ -305,7 +306,7 @@ JNIEnv *env, jclass clazz, jobject jstr, jint skipComponents)
   // be a directory.  (If it is a directory, we will fail to create the socket
   // later with EISDIR or similar.)
   for (check[0] = '/', check[1] = '\0', rest = path, token = "";
-       token && rest[0];
+       token && rest && rest[0];
        token = strtok_r(rest, "/", &rest)) {
     if (strcmp(check, "/") != 0) {
       // If the previous directory we checked was '/', we skip appending another
diff --git a/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt b/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
index 863a885caf1..4cf911e4a23 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
+++ b/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
@@ -23,6 +23,8 @@ Release 2.2.0 - UNRELEASED
   OPTIMIZATIONS
 
   BUG FIXES
+    HADOOP-9635 Fix potential Stack Overflow in DomainSocket.c (V. Karthik Kumar
+                via cmccabe)
 
 Release 2.1.0-beta - UNRELEASED