Fix some resource leaks in the apps

Reviewed-by: Tim Hudson <tjh@openssl.org>
diff --git a/apps/cms.c b/apps/cms.c
index 52186d2..9c41a97 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -412,6 +412,11 @@
             noout = print = 1;
             break;
         case OPT_SECRETKEY:
+            if (secret_key != NULL) {
+                /* Cannot be supplied twice */
+                BIO_printf(bio_err, "Invalid key %s\n", opt_arg());
+                goto opthelp;
+            }
             secret_key = OPENSSL_hexstr2buf(opt_arg(), &ltmp);
             if (secret_key == NULL) {
                 BIO_printf(bio_err, "Invalid key %s\n", opt_arg());
@@ -420,6 +425,11 @@
             secret_keylen = (size_t)ltmp;
             break;
         case OPT_SECRETKEYID:
+            if (secret_keyid != NULL) {
+                /* Cannot be supplied twice */
+                BIO_printf(bio_err, "Invalid id %s\n", opt_arg());
+                goto opthelp;
+            }
             secret_keyid = OPENSSL_hexstr2buf(opt_arg(), &ltmp);
             if (secret_keyid == NULL) {
                 BIO_printf(bio_err, "Invalid id %s\n", opt_arg());
@@ -431,6 +441,11 @@
             pwri_pass = (unsigned char *)opt_arg();
             break;
         case OPT_ECONTENT_TYPE:
+            if (econtent_type != NULL) {
+                /* Cannot be supplied twice */
+                BIO_printf(bio_err, "Invalid OID %s\n", opt_arg());
+                goto opthelp;
+            }
             econtent_type = OBJ_txt2obj(opt_arg(), 0);
             if (econtent_type == NULL) {
                 BIO_printf(bio_err, "Invalid OID %s\n", opt_arg());