diff --git a/src/kex.c b/src/kex.c
index e81a710..2a5ebc2 100644
--- a/src/kex.c
+++ b/src/kex.c
@@ -1133,6 +1133,9 @@ static int kexinit(LIBSSH2_SESSION * session)
     } else {
         data = session->kexinit_data;
         data_len = session->kexinit_data_len;
+	/* zap the variables to ensure there is NOT a double free later */
+        session->kexinit_data = NULL;
+        session->kexinit_data_len = 0;
     }
 
     rc = _libssh2_transport_write(session, data, data_len);
diff --git a/src/session.c b/src/session.c
index 2a44ba9..f904366 100644
--- a/src/session.c
+++ b/src/session.c
@@ -836,6 +836,9 @@ session_free(LIBSSH2_SESSION *session)
         LIBSSH2_FREE(session, session->hostkey_prefs);
     }
 
+    if (session->local.kexinit) {
+        LIBSSH2_FREE(session, session->local.kexinit);
+    }
     if (session->local.crypt_prefs) {
         LIBSSH2_FREE(session, session->local.crypt_prefs);
     }
@@ -849,6 +852,9 @@ session_free(LIBSSH2_SESSION *session)
         LIBSSH2_FREE(session, session->local.lang_prefs);
     }
 
+    if (session->remote.kexinit) {
+        LIBSSH2_FREE(session, session->remote.kexinit);
+    }
     if (session->remote.crypt_prefs) {
         LIBSSH2_FREE(session, session->remote.crypt_prefs);
     }
@@ -865,6 +871,9 @@ session_free(LIBSSH2_SESSION *session)
     /*
      * Make sure all memory used in the state variables are free
      */
+    if (session->kexinit_data) {
+        LIBSSH2_FREE(session, session->kexinit_data);
+    }
     if (session->startup_data) {
         LIBSSH2_FREE(session, session->startup_data);
     }