diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index c0fc3a2a4..cb8a7d99f 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -4064,8 +4064,13 @@ int ssl_set_psk( ssl_context *ssl, const unsigned char *psk, size_t psk_len,
     ssl->psk = polarssl_malloc( ssl->psk_len );
     ssl->psk_identity = polarssl_malloc( ssl->psk_identity_len );
 
-    if( ssl->psk == NULL || ssl->psk_identity == NULL )
+    if( ssl->psk == NULL )
         return( POLARSSL_ERR_SSL_MALLOC_FAILED );
+    if( ssl->psk_identity == NULL )
+    {
+        polarssl_free( ssl->psk );
+        return( POLARSSL_ERR_SSL_MALLOC_FAILED );
+    }
 
     memcpy( ssl->psk, psk, ssl->psk_len );
     memcpy( ssl->psk_identity, psk_identity, ssl->psk_identity_len );
diff --git a/scripts/find-mem-leak.cocci b/scripts/find-mem-leak.cocci
new file mode 100644
index 000000000..34cfd082d
--- /dev/null
+++ b/scripts/find-mem-leak.cocci
@@ -0,0 +1,20 @@
+@@
+expression x, y;
+statement S;
+@@
+  x = polarssl_malloc(...);
+  y = polarssl_malloc(...);
+  ...
+* if (x == NULL || y == NULL)
+    S
+
+@@
+expression x, y;
+statement S;
+@@
+  if (
+*   (x = polarssl_malloc(...)) == NULL
+    ||
+*   (y = polarssl_malloc(...)) == NULL
+  )
+    S