diff --git a/ChangeLog b/ChangeLog
index 0667d2348..1708dd362 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -43,6 +43,8 @@ Bugfix
    client certificate.
    * ssl_srv was leaking memory when client presented a timed out ticket
    containing a client certificate
+   * ssl_init() was leaving a dirty pointer in ssl_context if malloc of
+     out_ctr failed
 
 = PolarSSL 1.3.4 released on 2014-01-27
 Features
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 20cb9bdc7..3fd6e341a 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -3427,7 +3427,8 @@ int ssl_init( ssl_context *ssl )
     if( ssl->out_ctr == NULL )
     {
         SSL_DEBUG_MSG( 1, ( "malloc(%d bytes) failed", len ) );
-        polarssl_free( ssl-> in_ctr );
+        polarssl_free( ssl->in_ctr );
+        ssl->in_ctr = NULL;
         return( POLARSSL_ERR_SSL_MALLOC_FAILED );
     }