diff --git a/doc/Changelog b/doc/Changelog
index 57854222e..9b3b9a06e 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,5 +1,6 @@
 16 November 2009: Wouter
 	- Fixed signer detection of CNAME responses without signatures.
+	- Fix#282 libunbound memleak on error condition by Eric Sesterhenn.
 
 13 November 2009: Wouter
 	- Fixed validation failure for CNAME to optout NSEC3 nodata answer.
diff --git a/libunbound/libunbound.c b/libunbound/libunbound.c
index e22dd5571..a30177d72 100644
--- a/libunbound/libunbound.c
+++ b/libunbound/libunbound.c
@@ -267,6 +267,7 @@ ub_ctx_add_ta(struct ub_ctx* ctx, char* ta)
 	lock_basic_lock(&ctx->cfglock);
 	if(ctx->finalized) {
 		lock_basic_unlock(&ctx->cfglock);
+		free(dup);
 		return UB_AFTERFINAL;
 	}
 	if(!cfg_strlist_insert(&ctx->env->cfg->trust_anchor_list, dup)) {
@@ -286,6 +287,7 @@ ub_ctx_add_ta_file(struct ub_ctx* ctx, char* fname)
 	lock_basic_lock(&ctx->cfglock);
 	if(ctx->finalized) {
 		lock_basic_unlock(&ctx->cfglock);
+		free(dup);
 		return UB_AFTERFINAL;
 	}
 	if(!cfg_strlist_insert(&ctx->env->cfg->trust_anchor_file_list, dup)) {
@@ -305,6 +307,7 @@ ub_ctx_trustedkeys(struct ub_ctx* ctx, char* fname)
 	lock_basic_lock(&ctx->cfglock);
 	if(ctx->finalized) {
 		lock_basic_unlock(&ctx->cfglock);
+		free(dup);
 		return UB_AFTERFINAL;
 	}
 	if(!cfg_strlist_insert(&ctx->env->cfg->trusted_keys_file_list, dup)) {