diff --git a/RELNOTES b/RELNOTES
index f5c02053..db930e0a 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -70,10 +70,12 @@ by Eric Young (eay@cryptsoft.com).
   and its ATF unit tests when failover is disabled.
   [ISC-Bugs #40372]
 
-- Fixed several potential null references.  Thanks to Bill Parker
-  (wp02855 at gmail dot com) who identified these issues and supplied
-  patches to address them.
+- Fixed several issues static analysis issues such as potential null
+  references, unchecked strdup returns.  Thanks to Bill Parker (wp02855 at
+  gmail dot com) who identified these issues and supplied patches to
+  address them.
   [ISC-Bugs #40754]
+  [ISC-Bugs #40823]
 
 - The linux packet filter code now correctly treats only least significant
   12 bits an inbound packet's TCI value as the VLAN id (per IEEE 802.1Q).
diff --git a/server/confpars.c b/server/confpars.c
index 4b2907d4..42a1712d 100644
--- a/server/confpars.c
+++ b/server/confpars.c
@@ -2687,7 +2687,13 @@ void parse_subnet_declaration (cfile, share)
 	if (host_addr (subnet -> net, subnet -> netmask)) {
 		char *maskstr;
 
+		/* dup it, since piaddr is re-entrant */
 		maskstr = strdup (piaddr (subnet -> netmask));
+		if (maskstr == NULL) {
+			log_fatal("Allocation of subnet maskstr failed: %s",
+			    piaddr (subnet -> net));
+		}
+
 		parse_warn (cfile,
 		   "subnet %s netmask %s: bad subnet number/mask combination.",
 			    piaddr (subnet -> net), maskstr);