diff --git a/src/eap_common/eap_pwd_common.c b/src/eap_common/eap_pwd_common.c
index f85564aeb..c32f9fb93 100644
--- a/src/eap_common/eap_pwd_common.c
+++ b/src/eap_common/eap_pwd_common.c
@@ -252,11 +252,13 @@ int compute_password_element(EAP_PWD_group *grp, u16 num,
 	if (0) {
  fail:
 		EC_GROUP_free(grp->group);
+		grp->group = NULL;
 		EC_POINT_free(grp->pwe);
+		grp->pwe = NULL;
 		BN_free(grp->order);
+		grp->order = NULL;
 		BN_free(grp->prime);
-		os_free(grp);
-		grp = NULL;
+		grp->prime = NULL;
 		ret = 1;
 	}
 	/* cleanliness and order.... */
diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c
index 37e92348c..a5caf543d 100644
--- a/src/eap_peer/eap_pwd.c
+++ b/src/eap_peer/eap_pwd.c
@@ -725,6 +725,7 @@ eap_pwd_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret,
 		 */
 		if (data->out_frag_pos >= wpabuf_len(data->outbuf)) {
 			wpabuf_free(data->outbuf);
+			data->outbuf = NULL;
 			data->out_frag_pos = 0;
 		}
 		wpa_printf(MSG_DEBUG, "EAP-pwd: Send %s fragment of %d bytes",
@@ -856,8 +857,11 @@ eap_pwd_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret,
 	/*
 	 * if we're not fragmenting then there's no need to carry this around
 	 */
-	if (data->out_frag_pos == 0)
+	if (data->out_frag_pos == 0) {
 		wpabuf_free(data->outbuf);
+		data->outbuf = NULL;
+		data->out_frag_pos = 0;
+	}
 
 	return resp;
 }