From: Herman Semenoff <GermanAizek@yandex.ru>
Date: Sat, 25 Apr 2026 04:36:07 +0000 (+0300)
Subject: crypto: fix possible integer overflow using cast size_t
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0f799ae3b275c6edcf19ae0f237218b4169e647f;p=thirdparty%2Fopenssl.git

crypto: fix possible integer overflow using cast size_t

Signed-off-by: Herman Semenoff <GermanAizek@yandex.ru>

Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.foundation>
MergeDate: Thu Apr 30 07:13:07 2026
(Merged from https://github.com/openssl/openssl/pull/30973)
---

diff --git a/crypto/ct/ct_oct.c b/crypto/ct/ct_oct.c
index a110fbd3a96..b8bef582a9f 100644
--- a/crypto/ct/ct_oct.c
+++ b/crypto/ct/ct_oct.c
@@ -347,7 +347,7 @@ int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp)
             if ((sct_len = i2o_SCT(sk_SCT_value(a, i), NULL)) == -1)
                 goto err;
         }
-        len2 += 2 + sct_len;
+        len2 += (size_t)sct_len + 2;
     }
 
     if (len2 > MAX_SCT_LIST_SIZE)