diff --git a/changes/bug23874 b/changes/bug23874
new file mode 100644
index 0000000000..bf6620553d
--- /dev/null
+++ b/changes/bug23874
@@ -0,0 +1,3 @@
+  o Minor bugfixes (memory safety):
+    - Clear the address when node_get_prim_orport() returns early.
+      Fixes bug 23874; bugfix on 0.2.8.2-alpha.
diff --git a/src/or/nodelist.c b/src/or/nodelist.c
index 070e2e9e0d..0e9a651818 100644
--- a/src/or/nodelist.c
+++ b/src/or/nodelist.c
@@ -1031,6 +1031,14 @@ node_get_prim_orport(const node_t *node, tor_addr_port_t *ap_out)
   node_assert_ok(node);
   tor_assert(ap_out);
 
+  /* Clear the address, as a safety precaution if calling functions ignore the
+   * return value */
+  tor_addr_make_null(&ap_out->addr, AF_INET);
+  ap_out->port = 0;
+
+  /* Check ri first, because rewrite_node_address_for_bridge() updates
+   * node->ri with the configured bridge address. */
+
   RETURN_IPV4_AP(node->ri, or_port, ap_out);
   RETURN_IPV4_AP(node->rs, or_port, ap_out);
   /* Microdescriptors only have an IPv6 address */