From e655ae0c80aa3ddbacc20cac349336e4696d7d74 Mon Sep 17 00:00:00 2001
From: Steve Holme <steve_holme@hotmail.com>
Date: Sun, 3 Apr 2016 17:55:17 +0100
Subject: [PATCH] curl_sasl: Fixed potential null pointer utilisation

Although this should never happen due to the relationship between the
'mech' and 'resp' variables, and the way they are allocated together,
it does cause problems for code analysis tools:

V595 The 'mech' pointer was utilized before it was verified against
     nullptr. Check lines: 376, 381. curl_sasl.c 376

Bug: https://github.com/curl/curl/issues/745
Reported-by: Alexis La Goutte
---
 lib/curl_sasl.c | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/lib/curl_sasl.c b/lib/curl_sasl.c
index a4568d6d3..13cf4e954 100644
--- a/lib/curl_sasl.c
+++ b/lib/curl_sasl.c
@@ -373,19 +373,17 @@ CURLcode Curl_sasl_start(struct SASL *sasl, struct connectdata *conn,
     }
   }
 
-  if(!result) {
+  if(!result && mech) {
     if(resp && sasl->params->maxirlen &&
        strlen(mech) + len > sasl->params->maxirlen) {
       free(resp);
       resp = NULL;
     }
 
-    if(mech) {
-      result = sasl->params->sendauth(conn, mech, resp);
-      if(!result) {
-        *progress = SASL_INPROGRESS;
-        state(sasl, conn, resp? state2: state1);
-      }
+    result = sasl->params->sendauth(conn, mech, resp);
+    if(!result) {
+      *progress = SASL_INPROGRESS;
+      state(sasl, conn, resp ? state2 : state1);
     }
   }
 
-- 
2.40.0