------=_20130709125114_66017 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit

I have traced the fault into the syncrepl overlay, specifically it passes a static global variable to be_search(). If a plugin is configured, slapi_op_search_callback() is called, which then attempts to free the static global search variable passed to be_search(), causing a crash.

The attached patch fixes the problem on my test system. ------=_20130709125114_66017 Content-Type: text/x-patch; name="openldap_syncprov_plugin_crash_fix.diff" Content-Transfer-Encoding: 8bit Content-Disposition: attachment; filename="openldap_syncprov_plugin_crash_fix.diff"

--- servers/slapd/overlays/syncprov.c +++ servers/slapd/overlays/syncprov.c @@ -460,7 +460,13 @@ fop.ors_attrs = slap_anlist_no_attrs; fop.ors_attrsonly = 1; fop.ors_filter = &generic_filter; - fop.ors_filterstr = generic_filterstr; + + // If any plugins are enabled, slapi_overlay will attempt to free the provided filter string in slapi_op_search_callback, causing a crash + // Therefore, allocate a copy of generic_filterstr for use by be_search() + struct berval filterstr; + filterstr.bv_len = generic_filterstr.bv_len; + filterstr.bv_val = op->o_tmpalloc(generic_filterstr.bv_len + 1, op->o_tmpmemctx); + memcpy(filterstr.bv_val, generic_filterstr.bv_val, generic_filterstr.bv_len + 1);

rc = fop.o_bd->be_search( &fop, &frs ); } else { ------=_20130709125114_66017--