From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 14 Oct 2025 08:49:53 +0000 (+0200)
Subject: openldap: explain a const removing typecast
X-Git-Tag: rc-8_17_0-2~85
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=61dcb56743e5e4a6a014b6e30b6d61c75355ff17;p=thirdparty%2Fcurl.git

openldap: explain a const removing typecast

Closes #19056
---

diff --git a/lib/openldap.c b/lib/openldap.c
index fb771161d6..b8afe99529 100644
--- a/lib/openldap.c
+++ b/lib/openldap.c
@@ -468,6 +468,10 @@ static CURLcode oldap_perform_mechs(struct Curl_easy *data)
 
   if(!li)
     return CURLE_FAILED_INIT;
+  /* Casting away the const for the 3rd parameter that the LDAP API expects as
+     a non-const char ** is potentially unsafe but we believe the lack of
+     const in the API was an oversight and that no LDAP implementation
+     actually modifies the input. */
   rc = ldap_search_ext(li->ld, "", LDAP_SCOPE_BASE, "(objectclass=*)",
                        (char **)CURL_UNCONST(supportedSASLMechanisms), 0,
                        NULL, NULL, NULL, 0, &li->msgid);