From: Tom Lane <tgl@sss.pgh.pa.us>
Date: Sun, 29 Sep 2019 16:35:53 +0000 (-0400)
Subject: Fix bogus order of error checks in new channel_binding code.
X-Git-Tag: REL_13_BETA1~1403
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2c97f73468419672f2340afb24f1321695ee3002;p=thirdparty%2Fpostgresql.git

Fix bogus order of error checks in new channel_binding code.

Coverity pointed out that it's pretty silly to check for a null pointer
after we've already dereferenced the pointer.  To fix, just swap the
order of the two error checks.  Oversight in commit d6e612f83.
---

diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c
index cd29e8bd126..04118d54e2b 100644
--- a/src/interfaces/libpq/fe-auth.c
+++ b/src/interfaces/libpq/fe-auth.c
@@ -502,18 +502,18 @@ pg_SASL_init(PGconn *conn, int payloadlen)
 			selected_mechanism = SCRAM_SHA_256_NAME;
 	}
 
-	if (conn->channel_binding[0] == 'r' &&	/* require */
-		strcmp(selected_mechanism, SCRAM_SHA_256_PLUS_NAME) != 0)
+	if (!selected_mechanism)
 	{
 		printfPQExpBuffer(&conn->errorMessage,
-						  libpq_gettext("channel binding is required, but server did not offer an authentication method that supports channel binding\n"));
+						  libpq_gettext("none of the server's SASL authentication mechanisms are supported\n"));
 		goto error;
 	}
 
-	if (!selected_mechanism)
+	if (conn->channel_binding[0] == 'r' &&	/* require */
+		strcmp(selected_mechanism, SCRAM_SHA_256_PLUS_NAME) != 0)
 	{
 		printfPQExpBuffer(&conn->errorMessage,
-						  libpq_gettext("none of the server's SASL authentication mechanisms are supported\n"));
+						  libpq_gettext("channel binding is required, but server did not offer an authentication method that supports channel binding\n"));
 		goto error;
 	}