diff --git a/src/quic_deprotection.cpp b/src/quic_deprotection.cpp
index 58565d1..861d947 100644
--- a/src/quic_deprotection.cpp
+++ b/src/quic_deprotection.cpp
@@ -172,6 +172,8 @@ static void quic_decrypt_message(quic_pp_cipher *pp_cipher, const char *payload,
 	buffer_length = length - (pkn_len + 16);
 	if (buffer_length == 0 || buffer_length >1500)
 	{
+		g_free(header);
+		header=NULL;
 		*error = (const guchar *)"Decryption not possible, ciphertext is too short or too long";
 		return;
 	}
@@ -185,30 +187,48 @@ static void quic_decrypt_message(quic_pp_cipher *pp_cipher, const char *payload,
 
 	gcry_cipher_reset(pp_cipher->pp_cipher);
 	err = gcry_cipher_setiv(pp_cipher->pp_cipher, nonce, TLS13_AEAD_NONCE_LENGTH);
-	if (err) {
-		//printf("Decryption (setiv) failed: %s\n", gcry_strerror(err));
+	if (err) 
+	{
+		g_free(header);
+		header=NULL;
+		g_free(buffer);
+		buffer=NULL;
 		*error = (const guchar *)"Decryption (setiv) failed";
 		return;
 	}
 
 	// associated data (A) is the contents of QUIC header
 	err = gcry_cipher_authenticate(pp_cipher->pp_cipher, header, header_length);
-	if (err) {
-		//printf("Decryption (authenticate) failed: %s\n", gcry_strerror(err));
+	if (err) 
+	{
+		g_free(header);
+		header=NULL;
+		g_free(buffer);
+		buffer=NULL;
 		*error = (const guchar *)"Decryption (authenticate) failed";
 		return;
 	}
 
 	// Output ciphertext (C)
 	err = gcry_cipher_decrypt(pp_cipher->pp_cipher, buffer, buffer_length, NULL, 0);
-	if (err) {
+	if (err)
+	{
+		g_free(header);
+		header=NULL;
+		g_free(buffer);
+		buffer=NULL;
 		//printf("Decryption (decrypt) failed: %s\n", gcry_strerror(err));
 		*error = (const guchar *)"Decryption (decrypt) failed";
 		return;
 	}
 
 	err = gcry_cipher_checktag(pp_cipher->pp_cipher, atag, 16);
-	if (err) {
+	if (err) 
+	{
+		g_free(header);
+		header=NULL;
+		g_free(buffer);
+		buffer=NULL;
 		//printf("Decryption (checktag) failed: %s\n", gcry_strerror(err));
 		*error = (const guchar *)"Decryption (checktag) failed";
 		return;