From 2097ab37b2158b49953b2ac4100f8268d56af464 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg
Date: Sat, 11 Oct 2025 23:55:04 +0200
Subject: [PATCH] openldap: remove const from supportedSASLMechanisms

Casting away const for a parameter that the LDAP API expects as a non-const char ** is unsafe: if the LDAP implementation ever writes to, frees, or otherwise mutates the provided array, undefined behavior or crashes can occur.

Reported-by: Joshua Rogers
---
 lib/openldap.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/openldap.c b/lib/openldap.c
index fb771161d6..9614c3e667 100644
--- a/lib/openldap.c
+++ b/lib/openldap.c
@@ -461,7 +461,7 @@ static CURLcode oldap_perform_mechs(struct Curl_easy *data)
 struct ldapconninfo *li =
 Curl_conn_meta_get(data->conn, CURL_META_LDAP_CONN);
 int rc;
- static const char * const supportedSASLMechanisms[] = {
+ char *supportedSASLMechanisms[] = {
 "supportedSASLMechanisms",
 NULL
 };
@@ -469,7 +469,7 @@ static CURLcode oldap_perform_mechs(struct Curl_easy *data)
 if(!li)
 return CURLE_FAILED_INIT;
 rc = ldap_search_ext(li->ld, "", LDAP_SCOPE_BASE, "(objectclass=*)",
- (char **)CURL_UNCONST(supportedSASLMechanisms), 0,
+ supportedSASLMechanisms, 0,
 NULL, NULL, NULL, 0, &li->msgid);
 if(rc != LDAP_SUCCESS)
 return oldap_map_error(rc, CURLE_LOGIN_DENIED);
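Review bot: The only element of the new `supportedSASLMechanisms` array still points at a string literal, so the change makes the pointer slots writable but not the attribute name itself. If libldap ever wrote through that string it would still be undefined behavior, and builds with `-Wwrite-strings` would flag the literal-to-`char *` initialiser. Backing the name with a writable buffer covers both: `char attr[] = "supportedSASLMechanisms";` followed by `char *supportedSASLMechanisms[] = { attr, NULL };`. oldap_perform_mechs starts and ends outside this hunk.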
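Review bot: With `static` dropped, the array passed to `ldap_search_ext()` at this call is stack storage that ends when oldap_perform_mechs returns, while the search itself completes later through `li->msgid`. That is safe only if libldap finishes reading the attribute list before the call returns. This is presumably so, since the request is built during the call, but nothing visible here states it. A comment above the call would record the assumption: `/* attrs is only read while the request is built; libldap does not keep the pointer */`. The function continues past the end of this hunk.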