Fix potential double-free in ssl_set_psk()
diff --git a/ChangeLog b/ChangeLog
index 89caddb..14ae034 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -15,6 +15,9 @@
      on crafted PEM input data. Found an fix provided by Guid Vranken.
      Not triggerable remotely in TLS. Triggerable remotely if you accept PEM
      data from an untrusted source.
+   * Fix potential double-free if ssl_set_psk() is called repeatedly on
+     the same ssl_context object and some memory allocations fail.
+     Found by Guido Vranken. Can not be forced remotely.
 
 = mbed TLS 1.3.13 reladsed 2015-09-17
 
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 96e867b..f16bb53 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -4064,7 +4064,9 @@
         ( ssl->psk_identity = polarssl_malloc( psk_identity_len ) ) == NULL )
     {
         polarssl_free( ssl->psk );
+        polarssl_free( ssl->psk_identity );
         ssl->psk = NULL;
+        ssl->psk_identity = NULL;
         return( POLARSSL_ERR_SSL_MALLOC_FAILED );
     }