Oops, work out expanded buffer length before allocating it...

crypto/rand/rand_lib.c

@@ -198,11 +198,11 @@ int RAND_status(void)
 static size_t drbg_get_entropy(DRBG_CTX *ctx, unsigned char **pout,
                                 int entropy, size_t min_len, size_t max_len)
         {
+	/* Round up request to multiple of block size */
+	min_len = ((min_len + 19) / 20) * 20;
 	*pout = OPENSSL_malloc(min_len);
 	if (!*pout)
 		return 0;
-	/* Round up request to multiple of block size */
-	min_len = ((min_len + 19) / 20) * 20;
 	if (RAND_SSLeay()->bytes(*pout, min_len) <= 0)
 		{
 		OPENSSL_free(*pout);