From 383bc117bb90377b2cd8667be8b00150917bb5c9 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson"
Date: Sat, 23 Apr 2011 20:24:55 +0000
Subject: [PATCH] Oops, work out expanded buffer length before allocating it...

---
 crypto/rand/rand_lib.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index f3bd4e632e..0c68e35f70 100644
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -198,11 +198,11 @@ int RAND_status(void)
 static size_t drbg_get_entropy(DRBG_CTX *ctx, unsigned char **pout,
                                 int entropy, size_t min_len, size_t max_len)
 	{
+	/* Round up request to multiple of block size */
+	min_len = ((min_len + 19) / 20) * 20;
 	*pout = OPENSSL_malloc(min_len);
 	if (!*pout)
 		return 0;
-	/* Round up request to multiple of block size */
-	min_len = ((min_len + 19) / 20) * 20;
 	if (RAND_SSLeay()->bytes(*pout, min_len) <= 0)
 		{
 		OPENSSL_free(*pout);
-- 
GitLab
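Review bot: The rounded `min_len` at the top of drbg_get_entropy is still not range-checked: `min_len + 19` wraps for a request near the top of the size_t range, and nothing in the visible lines compares the result with `max_len`. Because this callback supplies seed material to the DRBG, a wrapped value would make both the allocation and the `bytes()` fill far shorter than requested instead of failing. A guard ahead of the rounding, `if (min_len > max_len || min_len > (size_t)-1 - 19) return 0;`, would fail closed; whether the rounded value may legitimately exceed `max_len`, and whether `*pout` must be cleared on that path, depends on code outside this hunk. The literals 19 and 20 would also read better as a named block-size constant, so the allocation and the rounding cannot drift apart again.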