lib: fix some format specifiers

- Use CURL_FORMAT_CURL_OFF_T where %zd was erroneously used for some
curl_off_t variables.

- Use %zu where %zd was erroneously used for some si

lib: fix some format specifiers

- Use CURL_FORMAT_CURL_OFF_T where %zd was erroneously used for some
curl_off_t variables.

- Use %zu where %zd was erroneously used for some size_t variables.

Prior to this change some of the Windows CI tests were failing because
in Windows 32-bit targets have a 32-bit size_t and a 64-bit curl_off_t.
When %zd was used for some curl_off_t variables then only the lower
32-bits was read and the upper 32-bits would be read for part or all of
the next specifier.

Fixes https://github.com/curl/curl/issues/11327
Closes https://github.com/curl/curl/pull/11321

show more ...

checksrc: disallow spaces before labels

Out of 415 labels throughout the code base, 86 of those labels were
not at the start of the line. Which means labels always at the start of
th

checksrc: disallow spaces before labels

Out of 415 labels throughout the code base, 86 of those labels were
not at the start of the line. Which means labels always at the start of
the line is the favoured style overall with 329 instances.

Out of the 86 labels not at the start of the line:
* 75 were indented with the same indentation level of the following line
* 8 were indented with exactly one space
* 2 were indented with one fewer indentation level then the following
line
* 1 was indented with the indentation level of the following line minus
three space (probably unintentional)

Co-Authored-By: Viktor Szakats

Closes #11134

show more ...

mqtt: on send error, return error

Reported-by: Maciej Domanski

Closes #10623

copyright: update all copyright lines and remove year ranges

- they are mostly pointless in all major jurisdictions
- many big corporations and projects already don't use them
- save

copyright: update all copyright lines and remove year ranges

- they are mostly pointless in all major jurisdictions
- many big corporations and projects already don't use them
- saves us from pointless churn
- git keeps history for us
- the year range is kept in COPYING

checksrc is updated to allow non-year using copyright statements

Closes #10205

show more ...

style: use space after comment start and before comment end

/* like this */

/*not this*/

checksrc is updated accordingly

Closes #9828

mqtt: spell out CONNECT in comments

Instead of calling it 'CONN' in several comments, use the full and
correct protocol packet name.

Suggested by Trail of Bits

Closes #

mqtt: spell out CONNECT in comments

Instead of calling it 'CONN' in several comments, use the full and
correct protocol packet name.

Suggested by Trail of Bits

Closes #9751

show more ...

mqtt: return error for too long topic

Closes #9744

copyright: make repository REUSE compliant

Add licensing and copyright information for all files in this repository. This
either happens in the file itself as a comment header or in the

copyright: make repository REUSE compliant

Add licensing and copyright information for all files in this repository. This
either happens in the file itself as a comment header or in the file
`.reuse/dep5`.

This commit also adds a Github workflow to check pull requests and adapts
copyright.pl to the changes.

Closes #8869

show more ...

mqtt: better handling of TCP disconnect mid-message

Reported-by: Jenny Heino
Bug: https://hackerone.com/reports/1521610
Closes #8644

mqtt: free 'sendleftovers' in disconnect

Fix a memory-leak

Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43646
Closes #8415

lib: remove support for CURL_DOES_CONVERSIONS

TPF was the only user and support for that was dropped.

Closes #8378

mqtt: free any leftover when done

Oss-fuzz found an issue when the "sendleftovers" pointer could leak memory.
Fix this by always freeing it (if still assigned) in the done function.

mqtt: free any leftover when done

Oss-fuzz found an issue when the "sendleftovers" pointer could leak memory.
Fix this by always freeing it (if still assigned) in the done function.

Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43515
Closes #8274

show more ...

mqtt: clear the leftovers pointer when sending succeeds

CVE-2021-22945

Bug: https://curl.se/docs/CVE-2021-22945.html

infof: remove newline from format strings, always append it

- the data needs to be "line-based" anyway since it's also passed to the
debug callback/application

- it makes info

infof: remove newline from format strings, always append it

- the data needs to be "line-based" anyway since it's also passed to the
debug callback/application

- it makes infof() work like failf() and consistency is good

- there's an assert that triggers on newlines in the format string

- Also removes a few instances of "..."

- Removes the code that would append "..." to the end of the data *iff*
it was truncated in infof()

Closes #7357

show more ...

mqtt: extend the error message for no topic

... and mention that it needs URL encoding.

Reported-by: Peter Körner
Fixes #7316
Closes #7317

mqtt: add support for username and password

Minor-edits-by: Daniel Stenberg
Added test 2200 to 2205

Closes #7243

mqtt: detect illegal and too large file size

Add test 3017 and 3018 to verify.
Closes #7166

conn: add 'attach' to protocol handler, make libssh2 use it

The libssh2 backend has SSH session associated with the connection but
the callback context is the easy handle, so when a conn

conn: add 'attach' to protocol handler, make libssh2 use it

The libssh2 backend has SSH session associated with the connection but
the callback context is the easy handle, so when a connection gets
attached to a transfer, the protocol handler now allows for a custom
function to get used to set things up correctly.

Reported-by: Michael O'Farrell
Fixes #6898
Closes #7078

show more ...

lib: pass in 'struct Curl_easy *' to most functions

... in most cases instead of 'struct connectdata *' but in some cases in
addition to.

- We mostly operate on transfers and no

lib: pass in 'struct Curl_easy *' to most functions

... in most cases instead of 'struct connectdata *' but in some cases in
addition to.

- We mostly operate on transfers and not connections.

- We need the transfer handle to log, store data and more. Everything in
libcurl is driven by a transfer (the CURL * in the public API).

- This work clarifies and separates the transfers from the connections
better.

- We should avoid "conn->data". Since individual connections can be used
by many transfers when multiplexing, making sure that conn->data
points to the current and correct transfer at all times is difficult
and has been notoriously error-prone over the years. The goal is to
ultimately remove the conn->data pointer for this reason.

Closes #6425

show more ...

mqtt: handle POST/PUBLISH without a set POSTFIELDSIZE

Detected by OSS-Fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28735

Added test 1916 and 1917 to verify.

mqtt: handle POST/PUBLISH without a set POSTFIELDSIZE

Detected by OSS-Fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28735

Added test 1916 and 1917 to verify.

Closes #6338

show more ...

mqtt: deal with 0 byte reads correctly

OSS-Fuzz found it
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28676

Closes #6327

urldata: remove 'void *protop' and create the union 'p'

... to avoid the use of 'void *' for the protocol specific structs done
per transfer.

Closes #6238

curl.se: new home

Closes #6172

sendf: move the verbose-check into Curl_debug

Saves us from having the same check done everywhere.

Closes #6159

Curl_handler: add 'family' to each protocol

Makes get_protocol_family() faster and it moves the knowledge about the
"families" to each protocol handler, where it belongs.

Closes

Curl_handler: add 'family' to each protocol

Makes get_protocol_family() faster and it moves the knowledge about the
"families" to each protocol handler, where it belongs.

Closes #5986

show more ...