commit b15057701186a99af7523319371ec7e0db9dd195
from: Omar Polo <op@omarpolo.com>
via: Thomas Adam <thomas@xteddy.org>
date: Sat Mar 02 00:19:56 2024 UTC

swap the order of the checks to not hide an error

If a libexec process returns an GOT_IMSG_ERROR that happens to be
smaller than the requested min_datalen, got_privsep_recv_imsg()
returns GOT_IMSG_PRIVSEP_LEN hiding the original error.

ok stsp@

commit - 2633cf30b7cd97910764fc4c016df7959858171d
commit + b15057701186a99af7523319371ec7e0db9dd195
blob - bfe6f67b6065aabb9a1a27b1531267cc64064f47
blob + c2033cbd85a6b278e2b0b27aa0f57ec1f4d0c115
--- lib/privsep.c
+++ lib/privsep.c
@@ -139,11 +139,6 @@ got_privsep_recv_imsg(struct imsg *imsg, struct imsgbu
 		n = imsg_get(ibuf, imsg);
 		if (n == -1)
 			return got_error_from_errno("imsg_get");
-	}
-
-	if (imsg->hdr.len < IMSG_HEADER_SIZE + min_datalen) {
-		imsg_free(imsg);
-		return got_error(GOT_ERR_PRIVSEP_LEN);
 	}
 
 	if (imsg->hdr.type == GOT_IMSG_ERROR) {
@@ -153,6 +148,11 @@ got_privsep_recv_imsg(struct imsg *imsg, struct imsgbu
 		return err;
 	}
 
+	if (imsg->hdr.len < IMSG_HEADER_SIZE + min_datalen) {
+		imsg_free(imsg);
+		return got_error(GOT_ERR_PRIVSEP_LEN);
+	}
+
 	return NULL;
 }