$OpenBSD: patch-src_ejabberd_c2s_erl,v 1.1 2014/10/27 15:44:20 jasper Exp $

Security fix for CVE-2014-8760
https://github.com/processone/ejabberd/commit/7bdc1151b11d26d33649c5cce2817b74a4f231a8

--- src/ejabberd_c2s.erl.orig	Tue Feb  5 17:22:34 2013
+++ src/ejabberd_c2s.erl	Mon Oct 27 15:51:33 2014
@@ -615,7 +615,7 @@ wait_for_feature_request({xmlstreamelement, El}, State
     TLSRequired = StateData#state.tls_required,
     SockMod = (StateData#state.sockmod):get_sockmod(StateData#state.socket),
     case {xml:get_attr_s("xmlns", Attrs), Name} of
-	{?NS_SASL, "auth"} when not ((SockMod == gen_tcp) and TLSRequired) ->
+	{?NS_SASL, "auth"} when TLSEnabled or not TLSRequired ->
 	    Mech = xml:get_attr_s("mechanism", Attrs),
 	    ClientIn = jlib:decode_base64(xml:get_cdata(Els)),
 	    case cyrsasl:server_start(StateData#state.sasl_state,
@@ -722,7 +722,7 @@ wait_for_feature_request({xmlstreamelement, El}, State
 	    end;
 	_ ->
 	    if
-		(SockMod == gen_tcp) and TLSRequired ->
+		TLSRequired and not TLSEnabled ->
 		    Lang = StateData#state.lang,
 		    send_element(StateData, ?POLICY_VIOLATION_ERR(
 					       Lang,
