diff --git a/doc/changelog.txt b/doc/changelog.txt
index 14db878..c4a7ead 100644
--- a/doc/changelog.txt
+++ b/doc/changelog.txt
@@ -3,6 +3,7 @@ HEAD
 ====
 Fixes:
 - length2, SYSRQ, RAWNAT: preinitialize values for ipv6_find_hdr
+- TARPIT: fix memory leak when tarpit_generic() fails
 
 
 v1.45 (2012-07-16)
diff --git a/extensions/xt_TARPIT.c b/extensions/xt_TARPIT.c
index 58f12e4..0e66279 100644
--- a/extensions/xt_TARPIT.c
+++ b/extensions/xt_TARPIT.c
@@ -237,7 +237,7 @@ static void tarpit_tcp4(struct sk_buff *oldskb, unsigned int hook,
 	((u_int8_t *)tcph)[13] = 0;
 
 	if (!tarpit_generic(tcph, oth, payload, mode))
-		return;
+		goto free_nskb;
 
 	/* Adjust TCP checksum */
 	tcph->check = 0;
@@ -398,7 +398,7 @@ static void tarpit_tcp6(struct sk_buff *oldskb, unsigned int hook,
 
 	payload = nskb->len - sizeof(struct ipv6hdr) - sizeof(struct tcphdr);
 	if (!tarpit_generic(&oth, tcph, payload, mode))
-		return;
+		goto free_nskb;
 
 	ip6h->payload_len = htons(sizeof(struct tcphdr));
 	tcph->check = 0;