diff --git a/ChangeLog b/ChangeLog
index 84115d495..939024307 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -21,6 +21,7 @@ Bugfix
    * SSL now gracefully handles missing RNG
    * Missing defines / cases for RSA_PSK key exchange
    * crypt_and_hash app checks MAC before final decryption
+   * Potential memory leak in ssl_ticket_keys_init()
 
 = PolarSSL 1.3.2 released on 2013-11-04
 Features
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index a903b3e0d..c2f560335 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -3449,17 +3449,24 @@ static int ssl_ticket_keys_init( ssl_context *ssl )
         return( POLARSSL_ERR_SSL_MALLOC_FAILED );
 
     if( ( ret = ssl->f_rng( ssl->p_rng, tkeys->key_name, 16 ) ) != 0 )
+    {
+        polarssl_free( tkeys );
         return( ret );
+    }
 
     if( ( ret = ssl->f_rng( ssl->p_rng, buf, 16 ) ) != 0 ||
         ( ret = aes_setkey_enc( &tkeys->enc, buf, 128 ) ) != 0 ||
         ( ret = aes_setkey_dec( &tkeys->dec, buf, 128 ) ) != 0 )
     {
-            return( ret );
+        polarssl_free( tkeys );
+        return( ret );
     }
 
     if( ( ret = ssl->f_rng( ssl->p_rng, tkeys->mac_key, 16 ) ) != 0 )
+    {
+        polarssl_free( tkeys );
         return( ret );
+    }
 
     ssl->ticket_keys = tkeys;