diff --git a/library/pkparse.c b/library/pkparse.c
index 68727ec7e..bb5824fc3 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -1456,8 +1456,10 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
         if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL )
             return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
 
-        if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 )
+        if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 ) {
+            mbedtls_pem_free( &pem );
             return( ret );
+        }
 
         if ( ( ret = pk_get_rsapubkey( &p, p + pem.buflen, mbedtls_pk_rsa( *ctx ) ) ) != 0 )
             mbedtls_pk_free( ctx );
diff --git a/library/ssl_cache.c b/library/ssl_cache.c
index fe4f30cf8..456f41cef 100644
--- a/library/ssl_cache.c
+++ b/library/ssl_cache.c
@@ -312,7 +312,11 @@ exit:
 #endif
 
     if( session_serialized != NULL )
+    {
         mbedtls_platform_zeroize( session_serialized, session_serialized_len );
+        mbedtls_free(session_serialized);
+        session_serialized = NULL;
+    }
 
     return( ret );
 }