diff --git a/changes/cov_485,486,487 b/changes/cov_485,486,487
new file mode 100644
index 0000000000..648b010f5d
--- /dev/null
+++ b/changes/cov_485,486,487
@@ -0,0 +1,5 @@
+  o Minor bugfixes:
+    - Fix memory leaks in the failing cases of the new SocksPort and
+      ControlPort code. Found by Coverity Scan. Bugfix on
+      0.2.3.3-alpha; fixes coverity CID 485, 486, and 487.
+
diff --git a/src/or/config.c b/src/or/config.c
index 3080da0485..c5322f5120 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -1077,8 +1077,11 @@ options_act_reversible(const or_options_t *old_options, char **msg)
     }
 
     /* Adjust the client port configuration so we can launch listeners. */
-    if (parse_client_ports(options, 0, msg, &n_client_ports))
-      return -1;
+    if (parse_client_ports(options, 0, msg, &n_client_ports)) {
+      if (!*msg)
+        *msg = tor_strdup("Unexpected problem parsing client port config");
+      goto rollback;
+    }
 
     /* Set the hibernation state appropriately.*/
     consider_hibernation(time(NULL));
diff --git a/src/or/connection.c b/src/or/connection.c
index af0572905d..bf39a5cb9c 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -1988,13 +1988,13 @@ retry_all_listeners(smartlist_t *replaced_conns,
                       options->ControlListenAddress,
                       options->ControlPort, "127.0.0.1",
                       new_conns, 0) < 0)
-    return -1;
+    retval = -1;
   if (retry_listeners(listeners,
                       CONN_TYPE_CONTROL_LISTENER,
                       options->ControlSocket,
                       options->ControlSocket ? 1 : 0, NULL,
                       new_conns, 1) < 0)
-    return -1;
+    retval = -1;
 
   /* Any members that were still in 'listeners' don't correspond to
    * any configured port.  Kill 'em. */