From 2c97f73468419672f2340afb24f1321695ee3002 Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Sun, 29 Sep 2019 12:35:53 -0400 Subject: [PATCH] Fix bogus order of error checks in new channel_binding code. Coverity pointed out that it's pretty silly to check for a null pointer after we've already dereferenced the pointer. To fix, just swap the order of the two error checks. Oversight in commit d6e612f83. --- src/interfaces/libpq/fe-auth.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c index cd29e8bd126..04118d54e2b 100644 --- a/src/interfaces/libpq/fe-auth.c +++ b/src/interfaces/libpq/fe-auth.c @@ -502,6 +502,13 @@ pg_SASL_init(PGconn *conn, int payloadlen) selected_mechanism = SCRAM_SHA_256_NAME; } + if (!selected_mechanism) + { + printfPQExpBuffer(&conn->errorMessage, + libpq_gettext("none of the server's SASL authentication mechanisms are supported\n")); + goto error; + } + if (conn->channel_binding[0] == 'r' && /* require */ strcmp(selected_mechanism, SCRAM_SHA_256_PLUS_NAME) != 0) { @@ -510,13 +517,6 @@ pg_SASL_init(PGconn *conn, int payloadlen) goto error; } - if (!selected_mechanism) - { - printfPQExpBuffer(&conn->errorMessage, - libpq_gettext("none of the server's SASL authentication mechanisms are supported\n")); - goto error; - } - /* * Now that the SASL mechanism has been chosen for the exchange, * initialize its state information.