Ticket 47416 - SASL encrypted packet length exceeds maximum allowed limit
Bug Description: If an error occurs while establishing the secure layer during
a bind operation, the client will send an unbind request that
is not encrypted. The sasl code expects encrypted values
and it incorrectly parses the message for its length, but since
it's not encrypted the length is wrong, and exceeds the saslio limit.
Fix Description: Check if there is data in the encrypted buffer before the secure
layer is established. Check if the first byte in the buffer is an
LDAP_TAG_MESSAGE. Then we get the legnth of the LDAP message, and compare
it to maxbersize. Then attmept to read in the rest of the
packet(if necessary). If we fail to read in the LDAP msg length,
then return PR_WOULD_BLOCK_ERROR. Otherwise parse the berElement, and
check if it is an UNBIND operation. If it is then copy it to the socket
buffer, and let the server process the operation. Any other valid
LDAP operation is still treated as an error.
https://fedorahosted.org/389/ticket/47416
Reviewed by: richm (Thanks!!!)