diff --git a/CHANGES b/CHANGES
index 32b1a3db53..0745d54c49 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,5 @@
+2431.	[bug]		Acl processing could leak memory. [RT #18323]
+
 2430.	[bug]		win32: isc_interval_set() could round down to
 			zero if the input was less than NS_INTERVAL
 			nanoseconds.  Round up instead. [RT #18549]
diff --git a/lib/isccfg/aclconf.c b/lib/isccfg/aclconf.c
index d0cf368caf..b9598a2c30 100644
--- a/lib/isccfg/aclconf.c
+++ b/lib/isccfg/aclconf.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: aclconf.c,v 1.17.2.3 2008/07/19 00:09:17 each Exp $ */
+/* $Id: aclconf.c,v 1.17.2.4 2008/09/01 05:40:22 marka Exp $ */
 
 #include <config.h>
 
@@ -175,7 +175,6 @@ cfg_acl_fromconfig(const cfg_obj_t *caml,
 	const cfg_listelt_t *elt;
 	dns_iptable_t *iptab;
 	int new_nest_level = 0;
-	int nelem;
 
 	if (nest_level != 0)
 		new_nest_level = nest_level - 1;
@@ -207,8 +206,6 @@ cfg_acl_fromconfig(const cfg_obj_t *caml,
 			return (result);
 	}
 
-	nelem = cfg_list_length(caml, ISC_FALSE);
-
 	de = dacl->elements;
 	for (elt = cfg_list_first(caml);
 	     elt != NULL;
@@ -354,16 +351,6 @@ nested_acl:
 				if (result != ISC_R_SUCCESS)
 					goto cleanup;
 
-				/*
-				 * There was only one element and it was
-				 * a nested named ACL; attach it to the
-				 * target and let's go home.
-				 */
-				if (nelem == 1) {
-					dns_acl_attach(inneracl, target);
-					goto cleanup;
-				}
-
 				goto nested_acl;
 			}
 		} else {