From 4ff5ace9a9be9e85496a2d37d3495aee5aadbc3a Mon Sep 17 00:00:00 2001
From: JurgenLB <77586573+JurgenLB@users.noreply.github.com>
Date: Fri, 19 Dec 2025 22:41:59 +0100
Subject: [PATCH 1/2] Add size checks before casting to int

Added checks to ensure sizes fit into int before casting.
---
 include/jwt-cpp/jwt.h | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/include/jwt-cpp/jwt.h b/include/jwt-cpp/jwt.h
index 2c232023..74309b4e 100644
--- a/include/jwt-cpp/jwt.h
+++ b/include/jwt-cpp/jwt.h
@@ -722,13 +722,23 @@ namespace jwt {
 			if (key.substr(0, 27) == "-----BEGIN CERTIFICATE-----") {
 				auto epkey = helper::extract_pubkey_from_cert<error_category>(key, password, ec);
 				if (ec) return {};
-				const int len = static_cast<int>(epkey.size());
+				// Ensure the size fits into an int before casting
+				if (epkey.size() > static_cast<std::size_t>(std::numeric_limits<int>::max())) {
+					ec = error_category::load_key_bio_write; // Add an appropriate error here
+					return {};
+				}
+				int len = static_cast<int>(epkey.size());
 				if (BIO_write(pubkey_bio.get(), epkey.data(), len) != len) {
 					ec = error_category::load_key_bio_write;
 					return {};
 				}
 			} else {
-				const int len = static_cast<int>(key.size());
+				// Ensure the size fits into an int before casting
+				if (key.size() > static_cast<std::size_t>(std::numeric_limits<int>::max())) {
+					ec = error_category::load_key_bio_write; // Add an appropriate error here
+					return {};
+				}
+				int len = static_cast<int>(key.size());
 				if (BIO_write(pubkey_bio.get(), key.data(), len) != len) {
 					ec = error_category::load_key_bio_write;
 					return {};

From be194079eee41e36aa62ee00f8bdf8f2ff166f39 Mon Sep 17 00:00:00 2001
From: Dominik Thalhammer <thalhammer.d@googlemail.com>
Date: Mon, 29 Dec 2025 14:13:08 +0100
Subject: [PATCH 2/2] Fix windows build without NOMINMAX

---
 include/jwt-cpp/jwt.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/include/jwt-cpp/jwt.h b/include/jwt-cpp/jwt.h
index 74309b4e..b351fc3d 100644
--- a/include/jwt-cpp/jwt.h
+++ b/include/jwt-cpp/jwt.h
@@ -723,7 +723,7 @@ namespace jwt {
 				auto epkey = helper::extract_pubkey_from_cert<error_category>(key, password, ec);
 				if (ec) return {};
 				// Ensure the size fits into an int before casting
-				if (epkey.size() > static_cast<std::size_t>(std::numeric_limits<int>::max())) {
+				if (epkey.size() > static_cast<std::size_t>((std::numeric_limits<int>::max)())) {
 					ec = error_category::load_key_bio_write; // Add an appropriate error here
 					return {};
 				}
@@ -734,7 +734,7 @@ namespace jwt {
 				}
 			} else {
 				// Ensure the size fits into an int before casting
-				if (key.size() > static_cast<std::size_t>(std::numeric_limits<int>::max())) {
+				if (key.size() > static_cast<std::size_t>((std::numeric_limits<int>::max)())) {
 					ec = error_category::load_key_bio_write; // Add an appropriate error here
 					return {};
 				}