diff --git a/cli-kex.c b/cli-kex.c
index dc0550143da45303713b48db8d627c6cbe6b0ec1..bad559c61aceb364ec21e51cc5a5809d2b0b49d2 100644
--- a/cli-kex.c
+++ b/cli-kex.c
@@ -255,5 +255,7 @@ out:
 		fclose(hostsfile);
 	}
 	m_free(filename);
-	buf_free(line);
+	if (line != NULL) {
+		buf_free(line);
+	}
 }
diff --git a/common-kex.c b/common-kex.c
index 0654b199e695fab69997ea51fb18fdd526f0edd8..f8bfe97897d64d81c081a83922fcea23e15dfc64 100644
--- a/common-kex.c
+++ b/common-kex.c
@@ -464,6 +464,8 @@ void recv_msg_kexinit() {
 
 /* Initialises and generate one side of the diffie-hellman key exchange values.
  * See the ietf-secsh-transport draft, section 6, for details */
+/* dh_pub and dh_priv will be initialised by this function, and should be
+ * mp_clear()ed after finished */
 void gen_kexdh_vals(mp_int *dh_pub, mp_int *dh_priv) {
 
 	mp_int dh_p, dh_q, dh_g;