This is the straightforward way to fix the leak of nfile in case the repo isn't found. The other option would be to defer the strdup until after successful lookup, but that felt clunky.
While I'm here: Any objections to silencing this annoying compiler warning in main.c? The other option would be to remove "file" and add it back once it's actually going to be used. Index: main.c =================================================================== RCS file: /cvs/src/usr.sbin/rpki-client/main.c,v retrieving revision 1.176 diff -u -p -U5 -r1.176 main.c --- main.c 14 Jan 2022 15:00:23 -0000 1.176 +++ main.c 19 Jan 2022 08:22:53 -0000 @@ -427,12 +427,14 @@ queue_add_from_tal(struct tal *tal) if ((nfile = strdup(nfile + 1)) == NULL) err(1, NULL); /* Look up the repository. */ repo = ta_lookup(tal->id, tal); - if (repo == NULL) + if (repo == NULL) { + free(nfile); return; + } /* steal the pkey from the tal structure */ data = tal->pkey; tal->pkey = NULL; entityq_add(NULL, nfile, RTYPE_CER, repo, data, tal->pkeysz, tal->id); @@ -769,10 +771,11 @@ main(int argc, char *argv[]) case 'e': rsync_prog = optarg; break; case 'f': file = optarg; + (void)file; noop = 1; break; case 'j': outformats |= FORMAT_JSON; break;