diff -urNb ./../nmap-3.77org/MACLookup.cc ./MACLookup.cc
--- ./../nmap-3.77org/MACLookup.cc	2004-08-29 02:12:02.000000000 -0700
+++ ./MACLookup.cc	2004-12-09 10:13:29.637545700 -0800
@@ -221,3 +221,10 @@
   ent = findMACEntry(MacCharPrefix2Key(prefix));
   return (ent)? ent->vendor : NULL;
 }
+
+void mac_table_free() {
+    if (MacTable.table) {
+	free(MacTable.table);
+	MacTable.table = NULL;
+    }
+}
diff -urNb ./../nmap-3.77org/MACLookup.h ./MACLookup.h
--- ./../nmap-3.77org/MACLookup.h	2004-08-29 02:12:02.000000000 -0700
+++ ./MACLookup.h	2004-12-09 10:13:29.747420500 -0800
@@ -111,4 +111,6 @@
    is some other error. */
 const char *MACPrefix2Corp(const u8 *prefix);
 
+void mac_table_free(void);
+
 #endif /* MACLOOKUP_H */
diff -urNb ./../nmap-3.77org/charpool.cc ./charpool.cc
--- ./../nmap-3.77org/charpool.cc	2004-08-29 02:12:03.000000000 -0700
+++ ./charpool.cc	2004-12-09 10:13:39.730330900 -0800
@@ -182,3 +182,14 @@
 
  return cp_strdup(src);
 }
+
+void cp_free(void) {
+int i;
+
+ if (charpool_initialized) {
+    for(i=0; i<=currentcharpool; i++) {
+       free(charpool[i]);
+       charpool[i] = NULL;
+    }
+ }
+}
diff -urNb ./../nmap-3.77org/charpool.h ./charpool.h
--- ./../nmap-3.77org/charpool.h	2004-08-29 02:12:03.000000000 -0700
+++ ./charpool.h	2004-12-09 10:13:39.808812900 -0800
@@ -107,4 +107,5 @@
 
 void *cp_alloc(int sz);
 char *cp_strdup(const char *src);
+void cp_free();
 #endif
diff -urNb ./../nmap-3.77org/mswin32/winip/winip.c ./mswin32/winip/winip.c
--- ./../nmap-3.77org/mswin32/winip/winip.c	2004-09-15 03:31:41.000000000 -0700
+++ ./mswin32/winip/winip.c	2004-12-09 10:14:48.307902500 -0800
@@ -520,6 +520,8 @@
 static void winip_cleanup(void)
 {
   free(ipblock);
+  free(iftable);
+  free(nametable);
 
   WSACleanup();
 }
diff -urNb ./../nmap-3.77org/nmap.cc ./nmap.cc
--- ./../nmap-3.77org/nmap.cc	2004-11-09 19:48:26.000000000 -0800
+++ ./nmap.cc	2004-12-09 10:26:01.590636300 -0800
@@ -107,6 +107,8 @@
 #include "timing.h"
 #include "NmapOps.h"
 
+static void nmap_cleanup( void );
+
 /* global options */
 extern char *optarg;
 extern int optind;
@@ -290,6 +292,8 @@
       {0, 0, 0, 0}
     };
 
+  atexit(nmap_cleanup);
+
   /* argv faking silliness */
   fakeargv = (char **) safe_malloc(sizeof(char *) * (argc + 1));
   for(i=0; i < argc; i++) {
@@ -1195,6 +1199,18 @@
 }      
       
 
+/* clean up datastructures before quitting */
+
+static void nmap_cleanup(void)
+{
+  if (o.osscan) {
+    free_fingerprint_ref(o.reference_FPs);
+    free(o.reference_FPs);
+  }
+  cp_free();
+  output_cleanup();
+}
+
 /* Reads in a (normal or machine format) Nmap log file and gathers enough
    state to allow Nmap to continue where it left off.  The important things
    it must gather are:
diff -urNb ./../nmap-3.77org/osscan.cc ./osscan.cc
--- ./../nmap-3.77org/osscan.cc	2004-10-12 02:34:11.000000000 -0700
+++ ./osscan.cc	2004-12-09 10:30:10.880165100 -0800
@@ -115,7 +115,8 @@
 #  include <time.h>
 # endif
 #endif
-
+#define FREE_VAR(var) free((void *)var)
+#define MAX_RECORDS 4096
 extern NmapOps o;
 /*  predefined filters -- I need to kill these globals at some pont. */
 extern unsigned long flt_dsthost, flt_srchost;
@@ -1541,18 +1542,55 @@
   return FP;
 }
 
+void free_fingerprint_ref(FingerPrint **reference) {
+    int i;
+    int ischarpool = 1;
+    struct AVal *results;
+    struct AVal *next_result;
+    FingerPrint *fprint_ref;
+    FingerPrint *next_fprint_ref;
+
+    assert(reference);
+
+    for (i=0; i< MAX_RECORDS; i++) {
+	if(reference[i]) {
+	    fprint_ref = reference[i];
+	    while(fprint_ref) {
+		next_fprint_ref = fprint_ref->next;
+		if(fprint_ref->name) {
+		    FREE_VAR(fprint_ref->name);
+		    fprint_ref->name = NULL;
+		}
+		if(results=fprint_ref->results) {
+		    while(results) {
+			next_result = results->next;
+			if(results->attribute) {
+			    free(results->attribute);
+			    results->attribute = NULL;
+			}
+			results = next_result;
+		    }
+		    free(fprint_ref->results);
+		    fprint_ref->results = NULL;
+		}
+		free(fprint_ref);
+		fprint_ref = next_fprint_ref;
+	    }
+	}
+    }
+}
+
 FingerPrint **parse_fingerprint_file(char *fname) {
 FingerPrint **FPs;
 FingerPrint *current;
 FILE *fp;
-int max_records = 4096; 
 char line[512];
 int numrecords = 0;
 int lineno = 0;
 int classno = 0; /* Number of Class lines dealt with so far */
 char *p, *q; /* OH YEAH!!!! */
 
- FPs = (FingerPrint **) safe_zalloc(sizeof(FingerPrint *) * max_records); 
+ FPs = (FingerPrint **) safe_zalloc(sizeof(FingerPrint *) * MAX_RECORDS);
 
  fp = fopen(fname, "r");
  if (!fp) fatal("Unable to open Nmap fingerprint file: %s", fname);
@@ -1629,7 +1667,7 @@
   }
   /* printf("Read in fingerprint:\n%s\n", fp2ascii(FPs[numrecords])); */
   numrecords++;
-  if (numrecords >= max_records)
+  if (numrecords >= MAX_RECORDS)
     fatal("Too many OS fingerprints -- 0verfl0w");
 }
 fclose(fp);
diff -urNb ./../nmap-3.77org/osscan.h ./osscan.h
--- ./../nmap-3.77org/osscan.h	2004-10-12 02:34:11.000000000 -0700
+++ ./osscan.h	2004-12-09 10:14:02.599985700 -0800
@@ -139,6 +139,7 @@
 FingerPrint *parse_single_fingerprint(char *fprint_orig);
 FingerPrint **parse_fingerprint_file(char *fname);
 FingerPrint **parse_fingerprint_reference_file();
+void free_fingerprint_ref(FingerPrint **reference);
 
 /* Compares 2 fingerprints -- a referenceFP (can have expression
    attributes) with an observed fingerprint (no expressions).  If
diff -urNb ./../nmap-3.77org/output.cc ./output.cc
--- ./../nmap-3.77org/output.cc	2004-11-05 19:41:53.000000000 -0800
+++ ./output.cc	2004-12-09 10:19:21.887057200 -0800
@@ -1177,4 +1177,7 @@
 }
 
 
-
+void output_cleanup()
+{
+  mac_table_free();
+}
diff -urNb ./../nmap-3.77org/output.h ./output.h
--- ./../nmap-3.77org/output.h	2004-10-12 02:34:11.000000000 -0700
+++ ./output.h	2004-12-09 10:19:24.688425100 -0800
@@ -197,4 +197,6 @@
 		      time_t starttime);
 
 char* xml_convert (const char* str);
+
+void output_cleanup(void);
 #endif /* OUTPUT_H */
diff -urNb ./../nmap-3.77org/tcpip.cc ./tcpip.cc
--- ./../nmap-3.77org/tcpip.cc	2004-11-03 17:23:10.000000000 -0800
+++ ./tcpip.cc	2004-12-09 10:33:53.673977100 -0800
@@ -139,6 +139,10 @@
 int if2nameindex(int ifi);
 #endif
 
+void cleanup_buf(void);
+
+static char *alignedbuf = NULL;
+static unsigned int alignedbufsz=0;
 
 #ifndef WIN32 /* Already defined in wintcpip.c for now */
 void sethdrinclude(int sd) {
@@ -1550,9 +1554,8 @@
 int datalink;
 int timedout = 0;
 struct timeval tv_start, tv_end;
-static char *alignedbuf = NULL;
-static unsigned int alignedbufsz=0;
 static int warning = 0;
+static int firstTime = 0;
 if (linknfo) { memset(linknfo, 0, sizeof(*linknfo)); }
 
 #ifdef WIN32
@@ -1686,6 +1689,10 @@
  }
  *len = head.caplen - offset;
  if (*len > alignedbufsz) {
+	 if (!firstTime) {
+		 firstTime = 1;
+		 atexit(cleanup_buf);
+	 }
    alignedbuf = (char *) realloc(alignedbuf, *len);
    if (!alignedbuf) {
      fatal("Unable to realloc %d bytes of mem", *len);
@@ -2493,3 +2500,10 @@
   }
   return 0;
 }
+
+void cleanup_buf( void ) {
+  if (alignedbuf) {
+     free(alignedbuf);
+     alignedbuf = NULL;
+  }
+}