From c4cb67692d4466ba577fcdd9d3eb60cdfe19ba13 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Sun, 14 Jun 2026 12:19:49 +0200 Subject: [PATCH] smb: integer overflow proof a size check By using size_t for the vars instead of shorts. Pointed out by Zeropath Closes #22001 --- lib/smb.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/smb.c b/lib/smb.c index a660f053eb..397ea6eb22 100644 --- a/lib/smb.c +++ b/lib/smb.c @@ -1007,8 +1007,8 @@ static CURLcode smb_request_state(struct Curl_easy *data, bool *done) struct smb_request *req = Curl_meta_get(data, CURL_META_SMB_EASY); struct smb_header *h; enum smb_req_state next_state = SMB_DONE; - unsigned short len; - unsigned short off; + size_t len; + size_t off; CURLcode result; void *msg = NULL; const struct smb_nt_create_response *smb_m;