ssl/ech/ech_store.c: use OPENSSL_malloc_array() in ech_decode_one_entry()

Use OPENSSL_malloc_array() for ee->suites array allocation, as it is more
semantically sound and performs a size overflow check.

Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Feb 25 11:20:15 2026
(Merged from https://github.com/openssl/openssl/pull/30146)

diff --git a/ssl/ech/ech_store.c b/ssl/ech/ech_store.c
index b327f000f3724588d235873821f8943a9d58c773..67199bc0b4fe41839d00d59671fdc531bbcf6024 100644 (file)
--- a/ssl/ech/ech_store.c
+++ b/ssl/ech/ech_store.c
@@ -364,7 +364,7 @@ static int ech_decode_one_entry(OSSL_ECHSTORE_ENTRY **rent, PACKET *pkt,
     }
     thiskemid = (uint16_t)tmpi;
     ee->nsuites = (unsigned int)(suiteoctets / OSSL_ECH_CIPHER_LEN);
-    ee->suites = OPENSSL_malloc(ee->nsuites * sizeof(*ee->suites));
+    ee->suites = OPENSSL_malloc_array(ee->nsuites, sizeof(*ee->suites));
     if (ee->suites == NULL)
         goto err;
     while (PACKET_copy_bytes(&cipher_suites, cipher,