diff --git a/CHANGES b/CHANGES
index e5fec2df0..4ade70794 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,9 @@
 
                                   Changelog
 
+Daniel Fandrich (10 Aug 2009)
+- Fixed a memory leak in the FTP code and an off-by-one heap buffer overflow.
+
 Daniel Fandrich (9 Aug 2009)
 - Fixed some memory leaks in the command-line tool that caused most of the
   torture tests to fail.
diff --git a/lib/ftp.c b/lib/ftp.c
index 4ded990b6..765ac841c 100644
--- a/lib/ftp.c
+++ b/lib/ftp.c
@@ -926,9 +926,9 @@ static CURLcode ftp_state_use_port(struct connectdata *conn,
     char *port_start = NULL;
     char *port_sep = NULL;
 
-    addr = malloc(addrlen);
-    memset(addr, 0, addrlen);
-
+    addr = calloc(addrlen+1, 1);
+    if (!addr)
+      return CURLE_OUT_OF_MEMORY;
 
 #ifdef ENABLE_IPV6
     if(*string_ftpport == '[') {