diff --git a/src/ustreamer/http/server.c b/src/ustreamer/http/server.c
index 4c10414..a05741a 100644
--- a/src/ustreamer/http/server.c
+++ b/src/ustreamer/http/server.c
@@ -145,7 +145,7 @@ int server_listen(server_s *server) {
 		char *raw_token;
 		char *encoded_token = NULL;
 
-		A_CALLOC(raw_token, strlen(server->user) + strlen(server->passwd) + 2);
+		A_CALLOC(raw_token, strlen(server->user) + strlen(server->passwd) + 16);
 		sprintf(raw_token, "%s:%s", server->user, server->passwd);
 		base64_encode((uint8_t *)raw_token, strlen(raw_token), &encoded_token, NULL);
 		free(raw_token);
@@ -404,12 +404,12 @@ static void _http_callback_snapshot(struct evhttp_request *request, void *v_serv
 	char header_buf[256];
 
 #	define ADD_TIME_HEADER(_key, _value) { \
-			sprintf(header_buf, "%.06Lf", _value); \
+			snprintf(header_buf, 255, "%.06Lf", _value); \
 			ADD_HEADER(_key, header_buf); \
 		}
 
 #	define ADD_UNSIGNED_HEADER(_key, _value) { \
-			sprintf(header_buf, "%u", _value); \
+			snprintf(header_buf, 255, "%u", _value); \
 			ADD_HEADER(_key, header_buf); \
 		}
 
diff --git a/src/ustreamer/http/static.c b/src/ustreamer/http/static.c
index d2b3db2..9a83785 100644
--- a/src/ustreamer/http/static.c
+++ b/src/ustreamer/http/static.c
@@ -32,7 +32,7 @@ char *find_static_file_path(const char *root_path, const char *request_path) {
 		goto error;
 	}
 
-	A_CALLOC(path, strlen(root_path) + strlen(simplified_path) + 32);
+	A_CALLOC(path, strlen(root_path) + strlen(simplified_path) + 16);
 	sprintf(path, "%s/%s", root_path, simplified_path);
 
 	struct stat st;