diff --git a/ChangeLog b/ChangeLog
index 4ae26dbb9..4eff0b30d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,7 @@ PolarSSL ChangeLog
 = Branch 1.1
 Bugfix
    * Fixed potential memory leak when failing to resume a session
+   * Fixed potential file descriptor leaks
 
 Security
    * Potential buffer-overflow for ssl_read_record() (independently found by
diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c
index 882d68618..1e0ae1901 100644
--- a/library/ctr_drbg.c
+++ b/library/ctr_drbg.c
@@ -360,7 +360,10 @@ int ctr_drbg_write_seed_file( ctr_drbg_context *ctx, const char *path )
         return( POLARSSL_ERR_CTR_DRBG_FILE_IO_ERROR );
 
     if( ( ret = ctr_drbg_random( ctx, buf, CTR_DRBG_MAX_INPUT ) ) != 0 )
+    {
+        fclose( f );
         return( ret );
+    }
 
     if( fwrite( buf, 1, CTR_DRBG_MAX_INPUT, f ) != CTR_DRBG_MAX_INPUT )
     {
@@ -386,7 +389,10 @@ int ctr_drbg_update_seed_file( ctr_drbg_context *ctx, const char *path )
     fseek( f, 0, SEEK_SET );
 
     if( n > CTR_DRBG_MAX_INPUT )
+    {
+        fclose( f );
         return( POLARSSL_ERR_CTR_DRBG_INPUT_TOO_BIG );
+    }
 
     if( fread( buf, 1, n, f ) != n )
     {