diff --git a/CHANGES b/CHANGES
index 3a256cbb0..5e4fa3e70 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,10 @@
 
  Changes between 0.9.6 and 0.9.6a  [xx XXX 2000]
 
+  *) Fix C code generated by 'openssl dsaparam -C': If a BN_bin2bn
+     call failed, free the DSA structure.
+     [Bodo Moeller]
+
   *) Fix to uni2asc() to cope with zero length Unicode strings.
      These are present in some PKCS#12 files.
      [Steve Henson]
diff --git a/apps/dsaparam.c b/apps/dsaparam.c
index f861ec7b1..4e8dcd3a6 100644
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -311,7 +311,7 @@ bad:
 		printf("\tdsa->g=BN_bin2bn(dsa%d_g,sizeof(dsa%d_g),NULL);\n",
 			bits_p,bits_p);
 		printf("\tif ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))\n");
-		printf("\t\treturn(NULL);\n");
+		printf("\t\t{ DSA_free(dsa); return(NULL); }\n");
 		printf("\treturn(dsa);\n\t}\n");
 		}