Oops, work out expanded buffer length before allocating it...

diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index f3bd4e632eebc07384bd368db458a8b4dc3ef2fb..0c68e35f70b95c49efd3c1269734ebb768f86e9a 100644 (file)
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -198,11 +198,11 @@ int RAND_status(void)
 static size_t drbg_get_entropy(DRBG_CTX *ctx, unsigned char **pout,
                                 int entropy, size_t min_len, size_t max_len)
         {
+       /* Round up request to multiple of block size */
+       min_len = ((min_len + 19) / 20) * 20;
        *pout = OPENSSL_malloc(min_len);
        if (!*pout)
                return 0;
-       /* Round up request to multiple of block size */
-       min_len = ((min_len + 19) / 20) * 20;
        if (RAND_SSLeay()->bytes(*pout, min_len) <= 0)
                {
                OPENSSL_free(*pout);