Song Ma noted a zlib memory leak in the illegal compressed header

countermeasures code path.

3 files changed, 6 insertions, 1 deletions

diff --git a/CHANGES b/CHANGES
index c698968d6..d8a4bdaea 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,10 @@
 
                                   Changelog
 
+Dan F (8 August 2007)
+- Song Ma noted a zlib memory leak in the illegal compressed header
+  countermeasures code path.
+
 Daniel S (4 August 2007)
 - Patrick Monnerat fixed curl_easy_escape() and curlx_strtoll() to work on
   non-ASCII systems.
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 776156fcc..2f2962bb9 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -35,6 +35,7 @@ This release includes the following bugfixes:
  o small POST with NTLM
  o resumed file:// transfers
  o CURLOPT_DNS_CACHE_TIMEOUT and CURLOPT_DNS_USE_GLOBAL_CACHE are 64 bit "clean"
+ o memory leak when handling compressed data streams from broken servers
 
 This release includes the following known bugs:
 
diff --git a/lib/content_encoding.c b/lib/content_encoding.c
index a363f6db0..b80a57888 100644
--- a/lib/content_encoding.c
+++ b/lib/content_encoding.c
@@ -133,7 +133,7 @@ inflate_stream(struct connectdata *conn,
       /* some servers seem to not generate zlib headers, so this is an attempt
          to fix and continue anyway */
 
-      inflateReset(z);
+      (void) inflateEnd(z);	/* don't care about the return code */
       if (inflateInit2(z, -MAX_WBITS) != Z_OK) {
         return process_zlib_error(conn, z);
       }