Fix bogus order of error checks in new channel_binding code.

Coverity pointed out that it's pretty silly to check for a null pointer
after we've already dereferenced the pointer.  To fix, just swap the
order of the two error checks.  Oversight in commit d6e612f83.

diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c
index cd29e8bd126e971c23de8774e963779c523e927c..04118d54e2b6b71eb94db6d28021c07fb853fad1 100644 (file)
--- a/src/interfaces/libpq/fe-auth.c
+++ b/src/interfaces/libpq/fe-auth.c
@@ -502,18 +502,18 @@ pg_SASL_init(PGconn *conn, int payloadlen)
                        selected_mechanism = SCRAM_SHA_256_NAME;
        }
 
-       if (conn->channel_binding[0] == 'r' &&  /* require */
-               strcmp(selected_mechanism, SCRAM_SHA_256_PLUS_NAME) != 0)
+       if (!selected_mechanism)
        {
                printfPQExpBuffer(&conn->errorMessage,
-                                                 libpq_gettext("channel binding is required, but server did not offer an authentication method that supports channel binding\n"));
+                                                 libpq_gettext("none of the server's SASL authentication mechanisms are supported\n"));
                goto error;
        }
 
-       if (!selected_mechanism)
+       if (conn->channel_binding[0] == 'r' &&  /* require */
+               strcmp(selected_mechanism, SCRAM_SHA_256_PLUS_NAME) != 0)
        {
                printfPQExpBuffer(&conn->errorMessage,
-                                                 libpq_gettext("none of the server's SASL authentication mechanisms are supported\n"));
+                                                 libpq_gettext("channel binding is required, but server did not offer an authentication method that supports channel binding\n"));
                goto error;
        }