openldap: explain a const removing typecast

author Daniel Stenberg <daniel@haxx.se>

Tue, 14 Oct 2025 08:49:53 +0000 (10:49 +0200)

committer Daniel Stenberg <daniel@haxx.se>

Tue, 14 Oct 2025 14:25:34 +0000 (16:25 +0200)
author Daniel Stenberg <daniel@haxx.se>
Tue, 14 Oct 2025 08:49:53 +0000 (10:49 +0200)
committer Daniel Stenberg <daniel@haxx.se>
Tue, 14 Oct 2025 14:25:34 +0000 (16:25 +0200)
diff --git a/lib/openldap.c b/lib/openldap.c

index fb771161d61d80eb0ccd7facac8b8571e696f7b9..b8afe99529e16e813e74ad32b06d00aa890f7a44 100644 (file)
--- a/lib/openldap.c
+++ b/lib/openldap.c
@@ -468,6 +468,10 @@ static CURLcode oldap_perform_mechs(struct Curl_easy *data)
  
    if(!li)
      return CURLE_FAILED_INIT;
+  /* Casting away the const for the 3rd parameter that the LDAP API expects as
+     a non-const char ** is potentially unsafe but we believe the lack of
+     const in the API was an oversight and that no LDAP implementation
+     actually modifies the input. */
    rc = ldap_search_ext(li->ld, "", LDAP_SCOPE_BASE, "(objectclass=*)",
                         (char **)CURL_UNCONST(supportedSASLMechanisms), 0,
                         NULL, NULL, NULL, 0, &li->msgid);
author	Daniel Stenberg <daniel@haxx.se>
	Tue, 14 Oct 2025 08:49:53 +0000 (10:49 +0200)
committer	Daniel Stenberg <daniel@haxx.se>
	Tue, 14 Oct 2025 14:25:34 +0000 (16:25 +0200)