diff --git a/src/dh.c b/src/dh.c
index 10830441..6c698139 100644
--- a/src/dh.c
+++ b/src/dh.c
@@ -571,13 +571,21 @@ int ssh_fallback_group(uint32_t pmax,
     *generator = NULL;
 
     if (pmax < 3072) {
-        *modulus = ssh_dh_group14;
+        bignum_dup(ssh_dh_group14, modulus);
     } else if (pmax < 6144) {
-        *modulus = ssh_dh_group16;
+        bignum_dup(ssh_dh_group16, modulus);
     } else {
-        *modulus = ssh_dh_group18;
+        bignum_dup(ssh_dh_group18, modulus);
+    }
+    if (*modulus == NULL) {
+        return SSH_ERROR;
+    }
+
+    bignum_dup(ssh_dh_generator, generator);
+    if (*generator == NULL) {
+        bignum_safe_free((*modulus));
+        return SSH_ERROR;
     }
-    *generator = ssh_dh_generator;
 
     return SSH_OK;
 }