diff --git a/ssh.c b/ssh.c
index 735bc174..368cabef 100644
--- a/ssh.c
+++ b/ssh.c
@@ -9458,6 +9458,8 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
                     logevent("Sent public key signature");
 		    s->type = AUTH_TYPE_PUBLICKEY;
 		    key->alg->freekey(key->data);
+                    sfree(key->comment);
+                    sfree(key);
 		}
 
 #ifndef NO_GSSAPI
diff --git a/sshpubk.c b/sshpubk.c
index 63b54b12..a4ecb9d5 100644
--- a/sshpubk.c
+++ b/sshpubk.c
@@ -837,7 +837,7 @@ unsigned char *ssh2_userkey_loadpub(const Filename *filename, char **algorithm,
     int public_blob_len;
     int i;
     const char *error = NULL;
-    char *comment;
+    char *comment = NULL;
 
     public_blob = NULL;
 
@@ -862,11 +862,10 @@ unsigned char *ssh2_userkey_loadpub(const Filename *filename, char **algorithm,
 	goto error;
     /* Select key algorithm structure. */
     alg = find_pubkey_alg(b);
+    sfree(b);
     if (!alg) {
-	sfree(b);
 	goto error;
     }
-    sfree(b);
 
     /* Read the Encryption header line. */
     if (!read_header(fp, header) || 0 != strcmp(header, "Encryption"))
@@ -913,6 +912,10 @@ unsigned char *ssh2_userkey_loadpub(const Filename *filename, char **algorithm,
 	sfree(public_blob);
     if (errorstr)
 	*errorstr = error;
+    if (comment && commentptr) {
+        sfree(comment);
+        *commentptr = NULL;
+    }
     return NULL;
 }