Fix a security issue in web control interface and update CHANGELOG & CREDITS from 3.2.10.1

CHANGELOG

@@ -9,6 +9,11 @@ Features
 
 Bugfixes
 
+3.2.10.1 Summary of Changes
+
+Bugfixes
+    * Fix a security issue in web control interface http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484572
+      (Angel Carpintero)
 
 3.2.10 Summary of Changes
 

CREDITS

@@ -397,6 +397,7 @@ Angel Carpintero
    * Added to configure.in --with-pwcbsd to allow compile motion in freebsd with webcam support instead of bktr.
    * IPV6 for http-control and webcam stream not netcam yet http://www.lavrsen.dk/twiki/bin/view/Motion/IPv6
      (Jeroen Massar & Angel Carpintero)
+   * Fix a security issue in web control interface http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484572
  
 Jared D
    * Change bayer2rgb24() to fix a problem with sn9c102 driver

webhttpd.c

@@ -2147,14 +2147,14 @@ static unsigned short int read_client(int client_socket, void *userdata, char *a
 			return 1;
 		}
 		else {
-			char method[20];
-			char url[512];
-			char protocol[20];
+			char method[10]={'\0'};
+			char url[512]={'\0'};
+			char protocol[10]={'\0'};
 			char *authentication=NULL;
 
 			buffer[nread] = '\0';
 
-			warningkill = sscanf(buffer, "%s %s %s", method, url, protocol);
+			warningkill = sscanf(buffer, "%9s %511s %9s", method, url, protocol);
 
 			while ((strstr(buffer, "\r\n\r\n") == NULL) && (readb!=0) && (nread < length)) {
 				readb = read(client_socket, buffer+nread, sizeof (buffer) - nread);