DF-0207
Memory leak in clist_alloc_cblocks: old c_data never freed on resize
Summary
clist_alloc_cblocks(:61) kmalloc new data, bcopy from old(:71-74), cl->c_data=data(:80) WITHOUT kfree of old. Every ccmax change leaks old_ccmax*sizeof(short). Reachable: unpriv pty open+tcsetattr varying baud -> ttywatermarks -> clist_alloc_cblocks. Sustained -> kmem exhaustion DoS.