--- openldap2.1-2.1.12.orig/servers/slapd/sasl.c
+++ openldap2.1-2.1.12/servers/slapd/sasl.c
@@ -439,11 +439,16 @@
 
 	/* All strings are in DN form now. Normalize if needed. */
 	if ( do_norm ) {
+		if ( is_dn != SET_U ) {
+			struct berval dntmp;
+			
+			ber_dupbv( &dntmp, dn );
+			dn->bv_val = dntmp.bv_val;
+		}
 		rc = dnNormalize2( NULL, dn, &dn2 );
 
 		/* User DNs were constructed above and must be freed now */
-		if ( is_dn == SET_U )
-			ch_free( dn->bv_val );
+		ch_free( dn->bv_val );
 
 		if ( rc != LDAP_SUCCESS ) {
 			dn->bv_val = NULL;
--- openldap2.1-2.1.12.orig/servers/slapd/back-sql/init.c
+++ openldap2.1-2.1.12/servers/slapd/back-sql/init.c
@@ -31,7 +31,7 @@
 
 	memset( &bi, '\0', sizeof( bi ) );
 	bi.bi_type = "sql";
-	bi.bi_init = backbacksql_initialize;
+	bi.bi_init = sql_back_initialize;
 
 	backend_add( &bi );
 	return 0;
--- openldap2.1-2.1.12.orig/libraries/libldap/cyrus.c
+++ openldap2.1-2.1.12/libraries/libldap/cyrus.c
@@ -1,6 +1,6 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/cyrus.c,v 1.45.2.15 2002/12/19 22:00:58 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/cyrus.c,v 1.72 2003/02/07 08:58:21 ando Exp $ */
 /*
- * Copyright 1999-2002 The OpenLDAP Foundation, All Rights Reserved.
+ * Copyright 1999-2003 The OpenLDAP Foundation, All Rights Reserved.
  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
  */
 
@@ -525,7 +525,7 @@
 	char *data;
 	const char *mech = NULL;
 	const char *pmech = NULL;
-	int			saslrc, rc;
+	int			saslrc, rc, res = LDAP_OTHER;
 	sasl_ssf_t		*ssf = NULL;
 	sasl_conn_t	*ctx;
 	sasl_interact_t *prompts = NULL;
@@ -600,15 +600,17 @@
 		}
 
 #if SASL_VERSION_MAJOR >= 2
-		/* XXX the application should free interact results. */
-		if ( prompts != NULL && prompts->result != NULL ) {
+		/* The application should free interact results,
+		 * but only if it successfully alloced/set interact
+		 * results, which is only definitely true if the
+		 * result of the interact call returned LDAP_SUCCESS */
+		if ( res == LDAP_SUCCESS && prompts != NULL && prompts->result != NULL ) {
 			LDAP_FREE( (void *)prompts->result );
 			prompts->result = NULL;
 		}
 #endif
 
 		if( saslrc == SASL_INTERACT ) {
-			int res;
 			if( !interact ) break;
 			res = (interact)( ld, flags, defaults, prompts );
 			if( res != LDAP_SUCCESS ) {
@@ -627,6 +629,10 @@
 		return ld->ld_errno;
 	}
 
+        /* reset res back to LDAP_OTHER so that we do not
+         * mistakenly try and free prompts->result before it is set */
+        res = LDAP_OTHER;
+
 	do {
 		struct berval *scred;
 		unsigned credlen;
@@ -695,15 +701,17 @@
 #endif
 
 #if SASL_VERSION_MAJOR >= 2
-			/* XXX the application should free interact results. */
-			if ( prompts != NULL && prompts->result != NULL ) {
+			/* The application should free interact results,
+		         * but only if it successfully alloced/set interact
+        		 * results, which is only definitely true if the
+        		 * result of the interact call returned LDAP_SUCCESS */
+			if ( res == LDAP_SUCCESS && prompts != NULL && prompts->result != NULL ) {
 				LDAP_FREE( (void *)prompts->result );
 				prompts->result = NULL;
 			}
 #endif
 
 			if( saslrc == SASL_INTERACT ) {
-				int res;
 				if( !interact ) break;
 				res = (interact)( ld, flags, defaults, prompts );
 				if( res != LDAP_SUCCESS ) {