From 2c97f73468419672f2340afb24f1321695ee3002 Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Sun, 29 Sep 2019 12:35:53 -0400 Subject: [PATCH] Fix bogus order of error checks in new channel_binding code. Coverity pointed out that it's pretty silly to check for a null pointer after we've already dereferenced the pointer. To fix, just swap the order of the two error checks. Oversight in commit d6e612f83. --- src/interfaces/libpq/fe-auth.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c index cd29e8bd126..04118d54e2b 100644 --- a/src/interfaces/libpq/fe-auth.c +++ b/src/interfaces/libpq/fe-auth.c @@ -502,18 +502,18 @@ pg_SASL_init(PGconn *conn, int payloadlen) selected_mechanism = SCRAM_SHA_256_NAME; } - if (conn->channel_binding[0] == 'r' && /* require */ - strcmp(selected_mechanism, SCRAM_SHA_256_PLUS_NAME) != 0) + if (!selected_mechanism) { printfPQExpBuffer(&conn->errorMessage, - libpq_gettext("channel binding is required, but server did not offer an authentication method that supports channel binding\n")); + libpq_gettext("none of the server's SASL authentication mechanisms are supported\n")); goto error; } - if (!selected_mechanism) + if (conn->channel_binding[0] == 'r' && /* require */ + strcmp(selected_mechanism, SCRAM_SHA_256_PLUS_NAME) != 0) { printfPQExpBuffer(&conn->errorMessage, - libpq_gettext("none of the server's SASL authentication mechanisms are supported\n")); + libpq_gettext("channel binding is required, but server did not offer an authentication method that supports channel binding\n")); goto error; } -- 2.39.5