diff -Naur netcdf-c-4.4.1.1.orig/libdap2/dapcvt.c netcdf-c-4.4.1.1/libdap2/dapcvt.c
--- netcdf-c-4.4.1.1.orig/libdap2/dapcvt.c	2016-11-21 16:27:08.000000000 -0200
+++ netcdf-c-4.4.1.1/libdap2/dapcvt.c	2017-04-05 10:45:18.410066978 -0300
@@ -210,14 +210,15 @@
 	ok = 0;
 	switch (etype) {
 	case NC_BYTE: {
-		char tmp[128];
-		
-		unsigned char* p = (unsigned char*)dstmem;
+	    char* p = (unsigned char*)dstmem;
 #ifdef _MSC_VER
-		ok = sscanf(s,"%hC%n",p,&nread);
-		_ASSERTE(_CrtCheckMemory());
+	    int ival;
+	    ok = sscanf(s,"%d%n",&ival,&nread);
+	    _ASSERTE(_CrtCheckMemory());
+	    if(ival < NC_MIN_BYTE || ival > NC_MAX_BYTE) ok = 0;
+	    *p = (char)ival;
 #else	
-		ok = sscanf(s,"%hhu%n",p,&nread);
+	   ok = sscanf(s,"%hhu%n",p,&nread);
 #endif
 	    } break;
 	case NC_CHAR: {
@@ -243,12 +244,15 @@
 	case NC_UBYTE: {
 	    unsigned char* p = (unsigned char*)dstmem;
 #ifdef _MSC_VER
-		ok = sscanf(s, "%hc%n", p,&nread);
-		_ASSERTE(_CrtCheckMemory());
+	    unsigned int uval;
+	    ok = sscanf(s,"%u%n",&uval,&nread);
+	    _ASSERTE(_CrtCheckMemory());
+	    if(uval > NC_MAX_UBYTE) ok = 0;
+	    *p = (unsigned char)uval;
 #else
 	    ok = sscanf(s,"%hhu%n",p,&nread);
 #endif
-		} break;
+	    } break;
 	case NC_USHORT: {
 	    unsigned short* p = (unsigned short*)dstmem;
 	    ok = sscanf(s,"%hu%n",p,&nread);
diff -Naur netcdf-c-4.4.1.1.orig/libdap2/ncd2dispatch.c netcdf-c-4.4.1.1/libdap2/ncd2dispatch.c
--- netcdf-c-4.4.1.1.orig/libdap2/ncd2dispatch.c	2016-11-21 16:27:08.000000000 -0200
+++ netcdf-c-4.4.1.1/libdap2/ncd2dispatch.c	2017-04-05 10:45:45.825068343 -0300
@@ -336,7 +336,8 @@
     dapcomm->oc.rawurltext = strdup(path);
 #endif
 
-    ncuriparse(dapcomm->oc.rawurltext,&dapcomm->oc.url);
+    ncstat = ncuriparse(dapcomm->oc.rawurltext,&dapcomm->oc.url);
+	if (!ncstat) goto done;
 
     /* parse the client parameters */
     ncuridecodeparams(dapcomm->oc.url);