diff --git a/lib/socks.c b/lib/socks.c
index 7d1ac6e95c..25232c7504 100644
--- a/lib/socks.c
+++ b/lib/socks.c
@@ -808,6 +808,10 @@ static CURLproxycode socks5_req1_init(struct socks_state *sx,
   }
   else {
     const size_t hostname_len = strlen(sx->hostname);
+    /* socks5_req0_init() already rejects hostnames longer than 255 bytes, so
+       this cast to unsigned char is safe. Assert to guard against future
+       refactoring that might remove or reorder that earlier check. */
+    DEBUGASSERT(hostname_len <= 255);
     desttype = 3;
     destination = (const unsigned char *)sx->hostname;
     destlen = (unsigned char)hostname_len; /* one byte length */