diff --git a/src/smm/sm-global-platform.c b/src/smm/sm-global-platform.c
index bf0fb9e5..2ccbf9a4 100644
--- a/src/smm/sm-global-platform.c
+++ b/src/smm/sm-global-platform.c
@@ -384,8 +384,10 @@ sm_gp_securize_apdu(struct sc_context *ctx, struct sm_info *sm_info,
 		if (sm_gp_encrypt_command_data(ctx, gp_session->session_enc, apdu->data, apdu->datalen, &encrypted, &encrypted_len))
 			LOG_TEST_RET(ctx, SC_ERROR_SM_ENCRYPT_FAILED, "SM GP securize APDU: data encryption error");
 
-		if (encrypted_len + 8 > SC_MAX_APDU_BUFFER_SIZE)
-			LOG_TEST_RET(ctx, SC_ERROR_BUFFER_TOO_SMALL, "SM GP securize APDU: not enough place for encrypted data");
+		if (encrypted_len + 8 > SC_MAX_APDU_BUFFER_SIZE) {
+			rv = SC_ERROR_BUFFER_TOO_SMALL;
+			LOG_TEST_GOTO_ERR(ctx, rv, "SM GP securize APDU: not enough place for encrypted data");
+		}
 
 		sc_debug(ctx, SC_LOG_DEBUG_SM,
 		       "SM GP securize APDU: encrypted length %"SC_FORMAT_LEN_SIZE_T"u",
@@ -404,7 +406,7 @@ sm_gp_securize_apdu(struct sc_context *ctx, struct sm_info *sm_info,
 	memcpy(buff + 5, apdu_data, apdu->datalen);
 
 	rv = sm_gp_get_mac(gp_session->session_mac, &gp_session->mac_icv, buff, 5 + apdu->datalen, &mac);
-	LOG_TEST_RET(ctx, rv, "SM GP securize APDU: get MAC error");
+	LOG_TEST_GOTO_ERR(ctx, rv, "SM GP securize APDU: get MAC error");
 
 	if (gp_level == SM_GP_SECURITY_MAC)   {
 		memcpy(apdu_data + apdu->datalen, mac, 8);
@@ -432,10 +434,13 @@ sm_gp_securize_apdu(struct sc_context *ctx, struct sm_info *sm_info,
 			apdu->cse = SC_APDU_CASE_3_SHORT;
 
 		free(encrypted);
+		encrypted = NULL;
 	}
 
 	memcpy(sm_info->session.gp.mac_icv, mac, 8);
 
+err:
+	free(encrypted);
 	LOG_FUNC_RETURN(ctx, rv);
 }