Index: webhttpd.c
===================================================================
--- webhttpd.c	(revisión: 343)
+++ webhttpd.c	(revisión: 355)
@@ -10,10 +10,7 @@
  *      See also the file 'COPYING'.
  *
  */
-//#include "motion.h"
 #include "webhttpd.h"	/* already includes motion.h */
-//#include <sys/types.h>
-//#include <sys/socket.h>
 #include <netinet/in.h>
 #include <arpa/inet.h>
 #include <netdb.h>
@@ -353,7 +350,7 @@
 	unsigned short int i;
 	struct context **cnt = userdata;
 
-	warningkill = sscanf (pointer, "%256[a-z]%c", command , &question);
+	warningkill = sscanf (pointer, "%255[a-z]%c", command , &question);
 	if (!strcmp(command,"list")) {
 		pointer = pointer + 4;
 		length_uri = length_uri - 4;
@@ -462,7 +459,7 @@
 		if ((length_uri != 0) && (question == '?')) {
 			pointer++;
 			length_uri--;
-			warningkill = sscanf(pointer,"%256[-0-9a-z_]%c", command, &question);
+			warningkill = sscanf(pointer,"%255[-0-9a-z_]%c", command, &question);
 			/*check command , question == '='  length_uri too*/
 			if ((question == '=') && (command[0]!='\0')) {
 				length_uri = length_uri - strlen(command) - 1;
@@ -483,7 +480,7 @@
 				if (config_params[i].param_name) {
 					if (length_uri > 0) {
 						char Value[1024]={'\0'};
-						warningkill = sscanf(pointer,"%1024s", Value);
+						warningkill = sscanf(pointer,"%1023s", Value);
 						length_uri = length_uri - strlen(Value);
 						if ( (length_uri == 0) && (strlen(Value) > 0) ) {
 							/* FIXME need to assure that is a valid value */
@@ -697,12 +694,12 @@
 			/* 8 -> query=param_name FIXME minimum length param_name */
 			pointer++;
 			length_uri--;
-			warningkill = sscanf(pointer,"%256[-0-9a-z]%c", command, &question);
+			warningkill = sscanf(pointer,"%255[-0-9a-z]%c", command, &question);
 
 			if ( (question == '=') && (!strcmp(command,"query")) ) {
 				pointer = pointer + 6;
 				length_uri = length_uri - 6;
-				warningkill = sscanf(pointer, "%256[-0-9a-z_]", command);
+				warningkill = sscanf(pointer, "%255[-0-9a-z_]", command);
 				/*check if command exist, length_uri too*/
 				length_uri = length_uri-strlen(command);
 
@@ -887,7 +884,7 @@
 	struct context **cnt = userdata;
 	unsigned short int i = 0;
 
-	warningkill = sscanf (pointer, "%256[a-z]" , command);
+	warningkill = sscanf (pointer, "%255[a-z]" , command);
 	if (!strcmp(command,"makemovie")) {
 		pointer = pointer + 9;
 		length_uri = length_uri - 9;
@@ -1064,7 +1061,7 @@
 	struct context **cnt=userdata;
 	unsigned short int i = 0;
 
-	warningkill = sscanf (pointer, "%256[a-z]" , command);
+	warningkill = sscanf (pointer, "%255[a-z]" , command);
 	if (!strcmp(command,"status")) {
 		pointer = pointer + 6;
 		length_uri = length_uri - 6;
@@ -1227,7 +1224,7 @@
 	char command[256] = {'\0'};
 	struct context **cnt = userdata;
 
-	warningkill = sscanf(pointer, "%256[a-z]%c", command, &question);
+	warningkill = sscanf(pointer, "%255[a-z]%c", command, &question);
 	if (!strcmp(command, "set")) {
 		pointer=pointer+3;length_uri=length_uri-3;
 		/* FIXME need to check each value */
@@ -1246,7 +1243,7 @@
 			/* set?x=value&y=value */
 			/* pan= or x= | tilt= or y= */
 
-			warningkill = sscanf (pointer, "%256[a-z]%c" , command, &question);
+			warningkill = sscanf (pointer, "%255[a-z]%c" , command, &question);
 
 			if (( question != '=' ) || (command[0] == '\0')) {
 				/* no valid syntax */
@@ -1466,7 +1463,7 @@
 
 			/* Check Second parameter */
 
-			warningkill = sscanf (pointer, "%c%256[a-z]" ,&question, command);
+			warningkill = sscanf (pointer, "%c%255[a-z]" ,&question, command);
 			if ( ( question != '&' ) || (command[0] == '\0') ){
 				motion_log(LOG_WARNING, 0, "httpd debug race 4");
 				if ( strstr(pointer,"&")){
@@ -1755,11 +1752,11 @@
 			length_uri--;
 			/* value= */
 
-			warningkill = sscanf (pointer, "%256[a-z]%c",query,&question);
+			warningkill = sscanf (pointer, "%255[a-z]%c",query,&question);
 			if ((question == '=') && (!strcmp(query,"value")) ) {
 				pointer = pointer + 6;
 				length_uri = length_uri - 6;
-				warningkill = sscanf (pointer, "%256[-0-9a-z]" , command);
+				warningkill = sscanf (pointer, "%255[-0-9a-z]" , command);
 				if ((command!=NULL) && (strlen(command) > 0)) {
 					struct context *autocnt;
 
@@ -1926,7 +1923,7 @@
 				} 
 
 				if (length_uri!=0) {
-					warningkill = sscanf (pointer, "%256[a-z]%c" , command , &slash);
+					warningkill = sscanf (pointer, "%255[a-z]%c" , command , &slash);
 
 					/* config */
 					if (!strcmp(command,"config")) {
@@ -2135,7 +2132,7 @@
 	unsigned short int alive = 1;
 	unsigned short int ret = 1;
 	char buffer[1024] = {'\0'};
-	unsigned short int length = 1024;
+	unsigned short int length = 1023;
 	struct context **cnt = userdata;
 
 	/* lock the mutex */
@@ -2153,14 +2150,14 @@
 			return 1;
 		}
 		else {
-			char method[20];
-			char url[512];
-			char protocol[20];
+			char method[10]={'\0'};
+			char url[512]={'\0'};
+			char protocol[10]={'\0'};
 			char *authentication=NULL;
 
 			buffer[nread] = '\0';
 
-			warningkill = sscanf (buffer, "%s %s %s", method, url, protocol);
+			warningkill = sscanf (buffer, "%9s %511s %9s", method, url, protocol);
 
 			while ((strstr (buffer, "\r\n\r\n") == NULL) && (readb!=0) && (nread < length)){
 				readb = read (client_socket, buffer+nread, sizeof (buffer) - nread);