atom · shiftkey · Oct 12, 2020 · Aug 1, 2020
diff --git a/src/keytar_mac.cc b/src/keytar_mac.cc
@@ -213,9 +213,12 @@ Credentials getCredentialsForItem(CFDictionaryRef item) {
   CFDictionaryAddValue(query, kSecReturnData, kCFBooleanTrue);
   CFDictionaryAddValue(query, kSecAttrAccount, account);
 
-  CFTypeRef result;
+  Credentials cred;
+  CFTypeRef result = NULL;
   OSStatus status = SecItemCopyMatching((CFDictionaryRef) query, &result);
 
+  CFRelease(query);
+
   if (status == errSecSuccess) {
       CFDataRef passwordData = (CFDataRef) CFDictionaryGetValue(
         (CFDictionaryRef) result,
@@ -225,15 +228,18 @@ Credentials getCredentialsForItem(CFDictionaryRef item) {
         passwordData,
         kCFStringEncodingUTF8);
 
-      Credentials cred = Credentials(
+      cred = Credentials(
         CFStringToStdString(account),
         CFStringToStdString(password));
+
       CFRelease(password);
+  }
 
-      return cred;
+  if (result != NULL) {
+    CFRelease(result);
   }
 
-  return Credentials();
+  return cred;
 }
 
 KEYTAR_OP_RESULT FindCredentials(const std::string& service,
@@ -255,9 +261,12 @@ KEYTAR_OP_RESULT FindCredentials(const std::string& service,
   CFDictionaryAddValue(query, kSecReturnRef, kCFBooleanTrue);
   CFDictionaryAddValue(query, kSecReturnAttributes, kCFBooleanTrue);
 
-  CFTypeRef result;
+  CFTypeRef result = NULL;
   OSStatus status = SecItemCopyMatching((CFDictionaryRef) query, &result);
 
+  CFRelease(serviceStr);
+  CFRelease(query);
+
   if (status == errSecSuccess) {
     CFArrayRef resultArray = (CFArrayRef) result;
     int resultCount = CFArrayGetCount(resultArray);
@@ -277,13 +286,10 @@ KEYTAR_OP_RESULT FindCredentials(const std::string& service,
     return FAIL_ERROR;
   }
 
-
   if (result != NULL) {
     CFRelease(result);
   }
 
-  CFRelease(query);
-
   return SUCCESS;
 }