crypto: fix possible integer overflow using cast size_t

Signed-off-by: Herman Semenoff <GermanAizek@yandex.ru>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.foundation>
MergeDate: Thu Apr 30 07:13:07 2026
(Merged from https://github.com/openssl/openssl/pull/30973)

diff --git a/crypto/ct/ct_oct.c b/crypto/ct/ct_oct.c
index a110fbd3a96db73f4bdb66bd516a30e01a74ff16..b8bef582a9fd95b65425808587d4ae2c6bb4e798 100644 (file)
--- a/crypto/ct/ct_oct.c
+++ b/crypto/ct/ct_oct.c
@@ -347,7 +347,7 @@ int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp)
             if ((sct_len = i2o_SCT(sk_SCT_value(a, i), NULL)) == -1)
                 goto err;
         }
-        len2 += 2 + sct_len;
+        len2 += (size_t)sct_len + 2;
     }
 
     if (len2 > MAX_SCT_LIST_SIZE)