Fix bogus order of error checks in new channel_binding code.

Coverity pointed out that it's pretty silly to check for a null pointer
after we've already dereferenced the pointer.  To fix, just swap the
order of the two error checks.  Oversight in commit d6e612f83.

diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c
index cd29e8bd126e971c23de8774e963779c523e927c..04118d54e2b6b71eb94db6d28021c07fb853fad1 100644 (file)
--- a/src/interfaces/libpq/fe-auth.c
+++ b/src/interfaces/libpq/fe-auth.c
@@ -502,18 +502,18 @@ pg_SASL_init(PGconn *conn, int payloadlen)
            selected_mechanism = SCRAM_SHA_256_NAME;
    }
 
-   if (conn->channel_binding[0] == 'r' &&  /* require */
-       strcmp(selected_mechanism, SCRAM_SHA_256_PLUS_NAME) != 0)
+   if (!selected_mechanism)
    {
        printfPQExpBuffer(&conn->errorMessage,
-                         libpq_gettext("channel binding is required, but server did not offer an authentication method that supports channel binding\n"));
+                         libpq_gettext("none of the server's SASL authentication mechanisms are supported\n"));
        goto error;
    }
 
-   if (!selected_mechanism)
+   if (conn->channel_binding[0] == 'r' &&  /* require */
+       strcmp(selected_mechanism, SCRAM_SHA_256_PLUS_NAME) != 0)
    {
        printfPQExpBuffer(&conn->errorMessage,
-                         libpq_gettext("none of the server's SASL authentication mechanisms are supported\n"));
+                         libpq_gettext("channel binding is required, but server did not offer an authentication method that supports channel binding\n"));
        goto error;
    }