curl_sasl: Fixed potential null pointer utilisation

Although this should never happen due to the relationship between the
'mech' and 'resp' variables, and the way they are allocated together,
it does cause problems for code analysis tools:

V595 The 'mech' pointer was utilized before it was verified against
     nullptr. Check lines: 376, 381. curl_sasl.c 376

Bug: https://github.com/curl/curl/issues/745
Reported-by: Alexis La Goutte

diff --git a/lib/curl_sasl.c b/lib/curl_sasl.c
index a4568d6d37d621dcde8b8118d542284f7de75bd6..13cf4e954af0d0d8743211c3f3d0c665ff32d937 100644 (file)
--- a/lib/curl_sasl.c
+++ b/lib/curl_sasl.c
@@ -373,19 +373,17 @@ CURLcode Curl_sasl_start(struct SASL *sasl, struct connectdata *conn,
     }
   }
 
-  if(!result) {
+  if(!result && mech) {
     if(resp && sasl->params->maxirlen &&
        strlen(mech) + len > sasl->params->maxirlen) {
       free(resp);
       resp = NULL;
     }
 
-    if(mech) {
-      result = sasl->params->sendauth(conn, mech, resp);
-      if(!result) {
-        *progress = SASL_INPROGRESS;
-        state(sasl, conn, resp? state2: state1);
-      }
+    result = sasl->params->sendauth(conn, mech, resp);
+    if(!result) {
+      *progress = SASL_INPROGRESS;
+      state(sasl, conn, resp ? state2 : state1);
     }
   }