[openssl-users] Freeing of const char * fields in ASN1_OBJECT

[Reinier Torenbeek]

Hi,

The following looks wrong and actually resulted in a crash for me before
I decided to do things differently:

In asn1/asn1.h, the fields sn and ln in ASN1_OBJECT are defined as const
char *:

211 typedef struct asn1_object_st
212         {
213         const char *sn,*ln;
214         int nid;
215         int length;
216         const unsigned char *data;      /* data remains const after
init */
217         int flags;      /* Should we free this one */
218         } ASN1_OBJECT;

but in asn1/a_object.c, the get casted to void * and freed:

378 void ASN1_OBJECT_free(ASN1_OBJECT *a)
379         {
380         if (a == NULL) return;
381         if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS)
382                 {
383 #ifndef CONST_STRICT /* disable purely for compile-time strict const
checking. Doing this on a "real" compile will cause memory leaks */
384                 if (a->sn != NULL) OPENSSL_free((void *)a->sn);
385                 if (a->ln != NULL) OPENSSL_free((void *)a->ln);
386 #endif

Given that a lot of the code is supposed to be self-describing (due to
lack of documentation), it is somewhat disturbing that I can not rely on
the const qualifiers to be honored. Any thoughts on this?

Thanks,
Reinier