Solution: add ZMQ_ZAP_ENFORCE_DOMAIN to hide backward incompatible
change and make it disabled by default.
In a future release that breaks API compatibility we can then switch
the default to enabled in order to achieve full RFC compatibility.
Fixes#2762
Solution: use check_basic_command_structure in curve_client_t::decode, also prepare other client mechanisms to use that method by rearranging inheritance hierarchy
* Problem: no test case with CURVE encryption and large identity
Solution: added test case (currently crashing)
* Problem: possible buffer overflow in mechanism_t::add_property
Solution: add target buffer length parameter and check the buffer is sufficiently large
* Problem: test cases accidentally excluded from build
Solution: remove #if/#endif
* Problem: possible buffer overruns related to metadata at various locations
Solution: allocate buffer large enough for actual metadata, reduce code duplication
* Problem: syntax error related to pointer type conversion
Solution: change argument type of make_command_with_basic_properties to const char *
* Problem: large metadata may cause an assertion in produce_initiate
Solution: Allow metadata of arbitrary size in produce_initiate
Solution: if inproc://zeromq.zap.01 exists, which means ZAP is
enabled, abort immediately if it cannot be used (eg: out of memory)
or it is configured incorrectly (eg: wrong socket type).
Otherwise authentication failures will simply be ignored and
unauthorised peers will be allowed to slip in.
Of course people still "can" distributed the sources under the
LGPLv3. However we provide COPYING.LESSER with additional grants.
Solution: specify these grants in the header of each source file.
