diff --git a/ChangeLog b/ChangeLog
index 4a75d6e83..72d55eee5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -46,6 +46,7 @@ Bugfix
    * Fixed parse error in ssl_parse_certificate_request()
    * zlib compression/decompression skipped on empty blocks
    * Support for AIX header locations in net.c module
+   * Fixed file descriptor leaks
 
 Security
    * RSA blinding on CRT operations to counter timing attacks
diff --git a/library/x509parse.c b/library/x509parse.c
index 2ab52fba4..55cc9e378 100644
--- a/library/x509parse.c
+++ b/library/x509parse.c
@@ -2053,7 +2053,10 @@ cleanup:
         i = stat( entry_name, &sb );
 
         if( i == -1 )
+        {
+            closedir( dir );
             return( POLARSSL_ERR_X509_FILE_IO_ERROR );
+        }
 
         if( !S_ISREG( sb.st_mode ) )
             continue;