diff --git a/src/libsystemd-network/dhcp-server-internal.h b/src/libsystemd-network/dhcp-server-internal.h
index 607f9f0c2fa02..466d4541c368a 100644
--- a/src/libsystemd-network/dhcp-server-internal.h
+++ b/src/libsystemd-network/dhcp-server-internal.h
@@ -115,6 +115,9 @@ int dhcp_server_send_packet(sd_dhcp_server *server,
 void client_id_hash_func(const DHCPClientId *p, struct siphash *state);
 int client_id_compare_func(const DHCPClientId *a, const DHCPClientId *b);
 
+DHCPLease *dhcp_lease_free(DHCPLease *lease);
+DEFINE_TRIVIAL_CLEANUP_FUNC(DHCPLease*, dhcp_lease_free);
+
 #define log_dhcp_server_errno(server, error, fmt, ...)          \
         log_interface_prefix_full_errno(                        \
                 "DHCPv4 server: ",                              \
diff --git a/src/libsystemd-network/fuzz-dhcp-server.c b/src/libsystemd-network/fuzz-dhcp-server.c
index b35f1ac6daa71..ad00654a91bfa 100644
--- a/src/libsystemd-network/fuzz-dhcp-server.c
+++ b/src/libsystemd-network/fuzz-dhcp-server.c
@@ -17,36 +17,59 @@ ssize_t sendmsg(int sockfd, const struct msghdr *msg, int flags) {
         return 0;
 }
 
-static void add_lease(sd_dhcp_server *server, const struct in_addr *server_address, uint8_t i) {
+static int add_lease(sd_dhcp_server *server, const struct in_addr *server_address, uint8_t i) {
+        _cleanup_(dhcp_lease_freep) DHCPLease *lease = NULL;
         static const uint8_t chaddr[] = {3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3};
-        DHCPLease *lease;
+        int r;
 
         assert(server);
 
-        assert_se(lease = new0(DHCPLease, 1));
+        lease = new0(DHCPLease, 1);
+        if (!lease)
+                return -ENOMEM;
+
+        lease->client_id.data = malloc(2);
+        if (!lease->client_id.data)
+                return -ENOMEM;
+
         lease->client_id.length = 2;
-        assert_se(lease->client_id.data = malloc(2));
         lease->client_id.data[0] = 2;
         lease->client_id.data[1] = i;
+
         lease->address = htobe32(UINT32_C(10) << 24 | i);
         lease->gateway = server_address->s_addr;
         lease->expiration = UINT64_MAX;
         lease->htype = ARPHRD_ETHER;
         lease->hlen = ETH_ALEN;
         memcpy(lease->chaddr, chaddr, ETH_ALEN);
-        assert_se(hashmap_ensure_put(&server->bound_leases_by_client_id, &dhcp_lease_hash_ops, &lease->client_id, lease) >= 0);
-        assert_se(hashmap_ensure_put(&server->bound_leases_by_address, NULL, UINT32_TO_PTR(lease->address), lease) >= 0);
-        lease->server = server;
+
+        lease->server = server; /* This must be set just before hashmap_put(). */
+
+        r = hashmap_ensure_put(&server->bound_leases_by_client_id, &dhcp_lease_hash_ops, &lease->client_id, lease);
+        if (r < 0)
+                return r;
+
+        r = hashmap_ensure_put(&server->bound_leases_by_address, NULL, UINT32_TO_PTR(lease->address), lease);
+        if (r < 0)
+                return r;
+
+        TAKE_PTR(lease);
+
+        return 0;
 }
 
-static void add_static_lease(sd_dhcp_server *server, uint8_t i) {
+static int add_static_lease(sd_dhcp_server *server, uint8_t i) {
         uint8_t id[2] = { 2, i };
+        int r;
 
         assert(server);
 
-        assert_se(sd_dhcp_server_set_static_lease(server,
-                                                  &(struct in_addr) { .s_addr = htobe32(UINT32_C(10) << 24 | i)},
-                                                  id, ELEMENTSOF(id)) >= 0);
+        r = sd_dhcp_server_set_static_lease(
+                                server,
+                                &(struct in_addr) { .s_addr = htobe32(UINT32_C(10) << 24 | i)},
+                                id, ELEMENTSOF(id));
+
+        return r;
 }
 
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
@@ -66,12 +89,12 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
         assert_se(sd_dhcp_server_configure_pool(server, &address, 24, 0, 0) >= 0);
 
         /* add leases to the pool to expose additional code paths */
-        add_lease(server, &address, 2);
-        add_lease(server, &address, 3);
+        assert_se(add_lease(server, &address, 2) >= 0);
+        assert_se(add_lease(server, &address, 3) >= 0);
 
         /* add static leases */
-        add_static_lease(server, 3);
-        add_static_lease(server, 4);
+        assert_se(add_static_lease(server, 3) >= 0);
+        assert_se(add_static_lease(server, 4) >= 0);
 
         (void) dhcp_server_handle_message(server, (DHCPMessage*) duped, size);
 
diff --git a/src/libsystemd-network/sd-dhcp-server.c b/src/libsystemd-network/sd-dhcp-server.c
index 196867360f1f5..14ac1cf66f18e 100644
--- a/src/libsystemd-network/sd-dhcp-server.c
+++ b/src/libsystemd-network/sd-dhcp-server.c
@@ -27,7 +27,7 @@
 #define DHCP_DEFAULT_LEASE_TIME_USEC USEC_PER_HOUR
 #define DHCP_MAX_LEASE_TIME_USEC (USEC_PER_HOUR*12)
 
-static DHCPLease *dhcp_lease_free(DHCPLease *lease) {
+DHCPLease *dhcp_lease_free(DHCPLease *lease) {
         if (!lease)
                 return NULL;
 
@@ -42,8 +42,6 @@ static DHCPLease *dhcp_lease_free(DHCPLease *lease) {
         return mfree(lease);
 }
 
-DEFINE_TRIVIAL_CLEANUP_FUNC(DHCPLease*, dhcp_lease_free);
-
 /* configures the server's address and subnet, and optionally the pool's size and offset into the subnet
  * the whole pool must fit into the subnet, and may not contain the first (any) nor last (broadcast) address
  * moreover, the server's own address may be in the pool, and is in that case reserved in order not to