.... since getsock may update the expiry timer.

Fixes #2996
Closes #3000

Closes #3004

The reallocation was using the input pointer for the return value, which
leads to a memory leak on reallication failure. Fix by instead use the
safe internal API call Curl_saferealloc().

Closes #3005
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Reviewed-by: Nick Zitzmann <nickzman@gmail.com>

Make sure to not overwrite the reallocated pointer in realloc() calls
to avoid a memleak on memory errors.

ftp_send_command() was using vsnprintf() without including the libcurl
*rintf() replacement header. Fix by including curl_printf.h and also
add curl_memory.h while at it since memdebug.h depends on it.

Closes #2999
Reviewed-by: Daniel Stenberg <daniel@haxx.se>

Closes #2994

... so that they can clear the original pointer on failure, which makes
the error-paths and their cleanups easier.

Closes #2992

Closes #2998

Closes #2989

Fixes #2983
Closes #2988

The failf() macro is the name used for invoking Curl_failf(). While
there isn't a way to turn off failf like there is for infof, but it's
still a good idea to use the macro.

Reviewed-by: Daniel Stenberg <daniel@haxx.se>

Strings broken on multiple rows in the .c file need to have appropriate
whitespace padding on either side of the concatenation point to render
a correct amalgamated string. Fix by adding a space at the occurrences
found.

Closes #2986
Reviewed-by: Daniel Stenberg <daniel@haxx.se>

The FTP command allocated by aprintf() must be freed after usage.

Reviewed-by: Daniel Stenberg <daniel@haxx.se>

Commit 8238ba9c

 inadvertently removed
the actual command to be sent from the send buffer in a refactoring.
Add back copying the command into the buffer. Also add more guards
against malformed input while at it.

Closes #2985
Reviewed-by: Daniel Stenberg <daniel@haxx.se>

When erroring out on a request being too large, the existing buffer was
leaked. Fix by explicitly freeing on the way out.

Closes #2966
Reviewed-by: Daniel Stenberg <daniel@haxx.se>

Closes #2984

This yields

  "the scheme is %s\n"

instead of

  "the scheme is %s0

Closes #2970

to help user understand what the problem is

Reported-by: Daniel Shahaf

Fixes #2763
Closes #2977

The previous test certificates contained RSA keys of only 1024 bits.
However, RSA claims that 1024-bit RSA keys are likely to become
crackable some time before 2010. The NIST recommends at least 2048-bit
keys for RSA for now.

Better use full 2048 also for testing.

Closes #2973

Closes #2968
Reviewed-by: Daniel Stenberg <daniel@haxx.se>

On Windows, the read function from <io.h> is used, which has its byte
count parameter as unsigned int instead of size_t.

Closes https://github.com/curl/curl/pull/2972

Closes https://github.com/curl/curl/pull/2979

- Use memcpy instead of strncpy to copy a string without termination,
  since gcc8 warns about using strncpy to copy as many bytes from a
  string as its length.

Suggested-by: Viktor Szakats

Closes https://github.com/curl/curl/issues/2980

Closes #2967

This example is simply not working correctly but there's nobody around
with the skills and energy to fix it.

Closes #2407

... to reflect the changes in 6015cefb

Closes #2955

Closes #2948

Rather than jumping backwards to where failure cleanup happens
to be performed, move the failure case to end of the function
where it is expected per existing coding convention.

Closes #2965

Closes #2963

If the formatting fails, we error out on a fatal error and
clean up on the way out. The array was however freed within
the wrong scope and was thus never freed in case the cookies
were written to a file instead of STDOUT.

Closes #2957

Expired cookies have already been purged at a later expiration time
before this check, so remove the redundant check.

closes #2962

Exit the realloc() loop if the response turns out ridiculously large to
avoid worse problems.

Reported-by: Harry Sintonen
Closes #2959

Closes #2960

Coverity CID 1439134