Index: src/http.c
==================================================================
--- src/http.c
+++ src/http.c
@@ -174,19 +174,19 @@
     static int traceCnt = 0;
     char *zOutFile;
     FILE *out;
     traceCnt++;
     zOutFile = mprintf("http-request-%d.txt", traceCnt);
-    out = fopen(zOutFile, "w");
+    out = fopen(zOutFile, "wb");
     if( out ){
       fwrite(blob_buffer(&hdr), 1, blob_size(&hdr), out);
       fwrite(blob_buffer(&payload), 1, blob_size(&payload), out);
       fclose(out);
     }
     free(zOutFile);
     zOutFile = mprintf("http-reply-%d.txt", traceCnt);
-    out = fopen(zOutFile, "w");
+    out = fopen(zOutFile, "wb");
     transport_log(out);
     free(zOutFile);
   }
 
   /*
@@ -253,22 +253,22 @@
       }else if( fossil_strnicmp(&zLine[14], "application/x-fossil", -1)!=0 ){
         isError = 1;
       }
     }
   }
+  if( iLength<0 ){
+    fossil_fatal("server did not reply");
+    goto write_err;
+  }
   if( rc!=200 ){
     fossil_warning("\"location:\" missing from 302 redirect reply");
     goto write_err;
   }
 
   /*
   ** Extract the reply payload that follows the header
   */
-  if( iLength<0 ){
-    fossil_fatal("server did not reply");
-    goto write_err;
-  }
   blob_zero(pReply);
   blob_resize(pReply, iLength);
   iLength = transport_receive(blob_buffer(pReply), iLength);
   blob_resize(pReply, iLength);
   if( isError ){

Index: src/xfer.c
==================================================================
--- src/xfer.c
+++ src/xfer.c
@@ -127,14 +127,16 @@
   blob_zero(&content);
   blob_zero(&hash);
   blob_extract(pXfer->pIn, n, &content);
   if( !cloneFlag && uuid_is_shunned(blob_str(&pXfer->aToken[1])) ){
     /* Ignore files that have been shunned */
+    blob_reset(&content);
     return;
   }
   if( isPriv && !g.perm.Private ){
     /* Do not accept private files if not authorized */
+    blob_reset(&content);
     return;
   }
   if( cloneFlag ){
     if( pXfer->nToken==4 ){
       srcid = rid_from_uuid(&pXfer->aToken[2], 1, isPriv);
@@ -156,10 +158,12 @@
       rid = content_put_ex(&content, blob_str(&pXfer->aToken[1]), srcid,
                            0, isPriv);
       pXfer->nDanglingFile++;
       db_multi_exec("DELETE FROM phantom WHERE rid=%d", rid);
       if( !isPriv ) content_make_public(rid);
+      blob_reset(&src);
+      blob_reset(&content);
       return;
     }
     pXfer->nDeltaRcvd++;
     blob_delta_apply(&src, &content, &next);
     blob_reset(&src);
@@ -235,10 +239,11 @@
   }
   blob_zero(&content);
   blob_extract(pXfer->pIn, szC, &content);
   if( uuid_is_shunned(blob_str(&pXfer->aToken[1])) ){
     /* Ignore files that have been shunned */
+    blob_reset(&content);
     return;
   }
   if( pXfer->nToken==5 ){
     srcid = rid_from_uuid(&pXfer->aToken[2], 1, isPriv);
     pXfer->nDeltaRcvd++;
@@ -420,10 +425,11 @@
       blob_append(pXfer->pOut, blob_buffer(&content), size);
       pXfer->nFileSent++;
     }else{
       pXfer->nDeltaSent++;
     }
+    blob_reset(&content);
   }
   remote_has(rid);
   blob_reset(&uuid);
 #if 0
   if( blob_buffer(pXfer->pOut)[blob_size(pXfer->pOut)-1]!='\n' ){