diff --git a/tools/sepolicy-analyze/neverallow.c b/tools/sepolicy-analyze/neverallow.c
index 26ce144683664d51ccac8fe3e03c20626c97be75..25e6a0cd74abfbb620fd57c44015007283267ddf 100644
--- a/tools/sepolicy-analyze/neverallow.c
+++ b/tools/sepolicy-analyze/neverallow.c
@@ -258,6 +258,7 @@ static int read_classperms(policydb_t *policydb, char **ptr, char *end,
         node->next = classperms;
         classperms = node;
         free(id);
+        id = NULL;
     } while (p < end && openparens);
 
     if (p == end)
@@ -325,6 +326,8 @@ static int read_classperms(policydb_t *policydb, char **ptr, char *end,
         if (!strcmp(id, "*")) {
             for (node = classperms; node; node = node->next)
                 node->data = ~0;
+            free(id);
+            id = NULL;
             continue;
         }
 
@@ -341,6 +344,7 @@ static int read_classperms(policydb_t *policydb, char **ptr, char *end,
             node->data |= 1U << (perm->s.value - 1);
         }
         free(id);
+        id = NULL;
     } while (p < end && openparens);
 
     if (p == end)
@@ -361,6 +365,12 @@ static int read_classperms(policydb_t *policydb, char **ptr, char *end,
     *ptr = p;
     return 0;
 err:
+    // free classperms memory
+    for (node = classperms; node; ) {
+      class_perm_node_t *freeptr = node;
+      node = node->next;
+      free(freeptr);
+    }
     return -1;
 }