smb: integer overflow proof a size check

By using size_t for the vars instead of shorts.

Pointed out by Zeropath

Closes #22001

diff --git a/lib/smb.c b/lib/smb.c
index a660f053ebb87e29f5fd25d3d828170ec5ddaf28..397ea6eb22cf95453e2667667de7b29d0716bd85 100644 (file)
--- a/lib/smb.c
+++ b/lib/smb.c
@@ -1007,8 +1007,8 @@ static CURLcode smb_request_state(struct Curl_easy *data, bool *done)
   struct smb_request *req = Curl_meta_get(data, CURL_META_SMB_EASY);
   struct smb_header *h;
   enum smb_req_state next_state = SMB_DONE;
-  unsigned short len;
-  unsigned short off;
+  size_t len;
+  size_t off;
   CURLcode result;
   void *msg = NULL;
   const struct smb_nt_create_response *smb_m;