Don't cast malloc(3) size to u_int.

Don't cast malloc(3) size to u_int.

Large buffer sizes on 64-bit platforms cause the sum to wrap, leading
read(2) to fail later.

We check prior to this point that all buffer sizes are <= SSIZE_MAX.
SSIZE_MAX * 2 < SIZE_MAX on all platforms, so the addition here will
not overflow and cause a similar issue.

Discovered by tobias@ a while back.

ok deraadt millert tobias