mqtt: handle POST/PUBLISH without a set POSTFIELDSIZE

Detected by OSS-Fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28735

Added test 1916 and 1917 to verify.

Closes #6338

5 files changed, 121 insertions, 2 deletions

diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
index 7e9663d48..c80f7abb0 100644
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -205,6 +205,7 @@ test1800 test1801 \
 \
                                     test1904 test1905 test1906 test1907 \
 test1908 test1909 test1910 test1911 test1912 test1913 test1914 test1915 \
+test1916 test1917 \
 \
 test2000 test2001 test2002 test2003 test2004 test2005 test2006 test2007 \
 test2008 test2009 test2010 test2011 test2012 test2013 test2014 test2015 \
diff --git a/tests/data/test1198 b/tests/data/test1198
index deb22906b..a81e4bb81 100644
--- a/tests/data/test1198
+++ b/tests/data/test1198
@@ -30,7 +30,7 @@ mqtt
 MQTT PUBLISH empty payload, single space topic
 </name>
 <command option="binary-trace">
-"mqtt:/%HOSTIP:%MQTTPORT/ " -d ""
+mqtt://%HOSTIP:%MQTTPORT/%20 -d ""
 </command>
 </client>
 
diff --git a/tests/data/test1199 b/tests/data/test1199
index 6887c576b..d710e7013 100644
--- a/tests/data/test1199
+++ b/tests/data/test1199
@@ -30,7 +30,7 @@ mqtt
 MQTT PUBLISH empty payload, no topic
 </name>
 <command option="binary-trace">
-"mqtt:/%HOSTIP:%MQTTPORT/" -d ""
+mqtt://%HOSTIP:%MQTTPORT -d ""
 </command>
 </client>
 
diff --git a/tests/data/test1916 b/tests/data/test1916
new file mode 100644
index 000000000..e3b87bcd4
--- /dev/null
+++ b/tests/data/test1916
@@ -0,0 +1,57 @@
+<testcase>
+<info>
+<keywords>
+MQTT
+MQTT PUBLISH
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<data nocheck="yes">
+hello
+</data>
+<datacheck hex="yes">
+00 04 31 31 39 30   68 65 6c 6c 6f 5b 4c 46 5d 0a
+</datacheck>
+</reply>
+
+#
+# Client-side
+<client>
+<features>
+mqtt
+</features>
+<server>
+mqtt
+</server>
+<name>
+MQTT PUBLISH with no POSTFIELDSIZE set
+</name>
+<tool>
+lib1916
+</tool>
+<command option="binary-trace">
+"mqtt://%HOSTIP:%MQTTPORT/ "
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+# These are hexadecimal protocol dumps from the client
+#
+# Strip out the random part of the client id from the CONNECT message
+# before comparison
+<strippart>
+s/^(.* 00044d5154540402003c000c6375726c).*/$1/
+</strippart>
+<protocol>
+client CONNECT 18 00044d5154540402003c000c6375726c
+server CONNACK 2 20020000
+client PUBLISH 3 000120
+client DISCONNECT 0 e000
+</protocol>
+</verify>
+</testcase>
diff --git a/tests/data/test1917 b/tests/data/test1917
new file mode 100644
index 000000000..f125c46db
--- /dev/null
+++ b/tests/data/test1917
@@ -0,0 +1,61 @@
+<testcase>
+<info>
+<keywords>
+MQTT
+MQTT PUBLISH
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<data nocheck="yes">
+hello
+</data>
+<datacheck hex="yes">
+00 04 31 31 39 30   68 65 6c 6c 6f 5b 4c 46 5d 0a
+</datacheck>
+</reply>
+
+#
+# Client-side
+<client>
+
+# require HTTP too as otherwise CURLOPT_POST doesn't exist
+<features>
+mqtt
+http
+</features>
+<server>
+mqtt
+</server>
+<name>
+MQTT PUBLISH with CURLOPT_POST set (no payload)
+</name>
+<tool>
+lib1917
+</tool>
+<command option="binary-trace">
+"mqtt://%HOSTIP:%MQTTPORT/ "
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+# These are hexadecimal protocol dumps from the client
+#
+# Strip out the random part of the client id from the CONNECT message
+# before comparison
+<strippart>
+s/^(.* 00044d5154540402003c000c6375726c).*/$1/
+</strippart>
+<protocol>
+client CONNECT 18 00044d5154540402003c000c6375726c
+server CONNACK 2 20020000
+</protocol>
+<errorcode>
+43
+</errorcode>
+</verify>
+</testcase>