From: Daniel Stenberg <daniel@haxx.se>
Date: Sun, 14 Jun 2026 10:19:49 +0000 (+0200)
Subject: smb: integer overflow proof a size check
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=c4cb67692d4466ba577fcdd9d3eb60cdfe19ba13;p=thirdparty%2Fcurl.git

smb: integer overflow proof a size check

By using size_t for the vars instead of shorts.

Pointed out by Zeropath

Closes #22001
---

diff --git a/lib/smb.c b/lib/smb.c
index a660f053eb..397ea6eb22 100644
--- a/lib/smb.c
+++ b/lib/smb.c
@@ -1007,8 +1007,8 @@ static CURLcode smb_request_state(struct Curl_easy *data, bool *done)
   struct smb_request *req = Curl_meta_get(data, CURL_META_SMB_EASY);
   struct smb_header *h;
   enum smb_req_state next_state = SMB_DONE;
-  unsigned short len;
-  unsigned short off;
+  size_t len;
+  size_t off;
   CURLcode result;
   void *msg = NULL;
   const struct smb_nt_create_response *smb_m;