diff --git a/src/dh.c b/src/dh.c
index 05903daf..18b71734 100644
--- a/src/dh.c
+++ b/src/dh.c
@@ -361,6 +361,7 @@ SSH_PACKET_CALLBACK(ssh_packet_client_dh_reply){
   rc = ssh_dh_keypair_set_keys(crypto->dh_ctx, DH_SERVER_KEYPAIR,
                                NULL, server_pubkey);
   if (rc != SSH_OK) {
+      SSH_STRING_FREE(pubkey_blob);
       bignum_safe_free(server_pubkey);
       goto error;
   }
diff --git a/src/packet_cb.c b/src/packet_cb.c
index 4e692915..39575b17 100644
--- a/src/packet_cb.c
+++ b/src/packet_cb.c
@@ -129,6 +129,8 @@ SSH_PACKET_CALLBACK(ssh_packet_newkeys){
     }
 
     rc = ssh_pki_import_signature_blob(sig_blob, server_key, &sig);
+    ssh_string_burn(sig_blob);
+    SSH_STRING_FREE(sig_blob);
     if (rc != SSH_OK) {
         goto error;
     }
@@ -152,9 +154,7 @@ SSH_PACKET_CALLBACK(ssh_packet_newkeys){
                                   server_key,
                                   session->next_crypto->secret_hash,
                                   session->next_crypto->digest_len);
-    ssh_string_burn(sig_blob);
-    SSH_STRING_FREE(sig_blob);
-    ssh_signature_free(sig);
+    SSH_SIGNATURE_FREE(sig);
     if (rc == SSH_ERROR) {
       goto error;
     }
@@ -170,6 +170,9 @@ SSH_PACKET_CALLBACK(ssh_packet_newkeys){
   session->ssh_connection_callback(session);
   return SSH_PACKET_USED;
 error:
+  SSH_SIGNATURE_FREE(sig);
+  ssh_string_burn(sig_blob);
+  SSH_STRING_FREE(sig_blob);
   session->session_state = SSH_SESSION_STATE_ERROR;
   return SSH_PACKET_USED;
 }