Fix bogus order of error checks in new channel_binding code.

Coverity pointed out that it's pretty silly to check for a null pointer after we've already dereferenced the pointer. To fix, just swap the order of the two error checks. Oversight in commit d6e612f8.

Fix bogus order of error checks in new channel_binding code.
Coverity pointed out that it's pretty silly to check for a null pointer after we've already dereferenced the pointer. To fix, just swap the order of the two error checks. Oversight in commit d6e612f8.
2c97f734 · Tom Lane · 92f1545d · 2c97f734
Commit 2c97f734 authored Sep 29, 2019 by Tom Lane
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 5 deletions

src/interfaces/libpq/fe-auth.c src/interfaces/libpq/fe-auth.c +5 -5

No files found.
--- a/src/interfaces/libpq/fe-auth.c
+++ b/src/interfaces/libpq/fe-auth.c
@@ -502,18 +502,18 @@ pg_SASL_init(PGconn *conn, int payloadlen)
 			selected_mechanism = SCRAM_SHA_256_NAME;
 	}
-	if (conn->channel_binding[0] == 'r' &&	/* require */
+	if (!selected_mechanism)
-		strcmp(selected_mechanism, SCRAM_SHA_256_PLUS_NAME) != 0)
 	{
 		printfPQExpBuffer(&conn->errorMessage,
-						  libpq_gettext("channel binding is required, but server did not offer an authentication method that supports channel binding\n"));
+						  libpq_gettext("none of the server's SASL authentication mechanisms are supported\n"));
 		goto error;
 	}
-	if (!selected_mechanism)
+	if (conn->channel_binding[0] == 'r' &&	/* require */
+		strcmp(selected_mechanism, SCRAM_SHA_256_PLUS_NAME) != 0)
 	{
 		printfPQExpBuffer(&conn->errorMessage,
-						  libpq_gettext("none of the server's SASL authentication mechanisms are supported\n"));
+						  libpq_gettext("channel binding is required, but server did not offer an authentication method that supports channel binding\n"));
 		goto error;
 	}