Song Ma noted a zlib memory leak in the illegal compressed header

countermeasures code path.

diff --git a/CHANGES b/CHANGES
index c698968d6b14e5fa9123219cd89b302d577ac164..d8a4bdaea2fdcf8cb0a0ce119521527408aee16f 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,10 @@
 
                                   Changelog
 
+Dan F (8 August 2007)
+- Song Ma noted a zlib memory leak in the illegal compressed header
+  countermeasures code path.
+
 Daniel S (4 August 2007)
 - Patrick Monnerat fixed curl_easy_escape() and curlx_strtoll() to work on
   non-ASCII systems.

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 776156fcc76d09804b373930aaad5fb8f99d6455..2f2962bb98ed86e213f9cbd3a3a95aff9826064b 100644 (file)
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -35,6 +35,7 @@ This release includes the following bugfixes:
  o small POST with NTLM
  o resumed file:// transfers
  o CURLOPT_DNS_CACHE_TIMEOUT and CURLOPT_DNS_USE_GLOBAL_CACHE are 64 bit "clean"
+ o memory leak when handling compressed data streams from broken servers
 
 This release includes the following known bugs:
 

diff --git a/lib/content_encoding.c b/lib/content_encoding.c
index a363f6db06908c6de1f484de2479b251e4f951a1..b80a57888663de5b9547c59c275c04688f8e1914 100644 (file)
--- a/lib/content_encoding.c
+++ b/lib/content_encoding.c
@@ -133,7 +133,7 @@ inflate_stream(struct connectdata *conn,
       /* some servers seem to not generate zlib headers, so this is an attempt
          to fix and continue anyway */
 
-      inflateReset(z);
+      (void) inflateEnd(z);    /* don't care about the return code */
       if (inflateInit2(z, -MAX_WBITS) != Z_OK) {
         return process_zlib_error(conn, z);
       }