commit cc57c2cb8c8d6bc0a47692b47a6fefc5adaf2510
from: Omar Polo <op@omarpolo.com>
date: Mon Feb 26 16:46:58 2024 UTC

swap the order of the checks to not hide an error

If a libexec process returns an GOT_IMSG_ERROR that happens to be
smaller than the requested min_datalen, got_privsep_recv_imsg()
returns GOT_IMSG_PRIVSEP_LEN hiding the original error.

ok stsp@

commit - fcece7180725bba9a781eaa892af379b1986208b
commit + cc57c2cb8c8d6bc0a47692b47a6fefc5adaf2510
blob - 208f38064847db1bdf2043d22f6be5691d0905c1
blob + 9cd5e389d8bbe7d91148d4b701ce7e577736258e
--- lib/privsep.c
+++ lib/privsep.c
@@ -139,11 +139,6 @@ got_privsep_recv_imsg(struct imsg *imsg, struct imsgbu
 		n = imsg_get(ibuf, imsg);
 		if (n == -1)
 			return got_error_from_errno("imsg_get");
-	}
-
-	if (imsg->hdr.len < IMSG_HEADER_SIZE + min_datalen) {
-		imsg_free(imsg);
-		return got_error(GOT_ERR_PRIVSEP_LEN);
 	}
 
 	if (imsg->hdr.type == GOT_IMSG_ERROR) {
@@ -153,6 +148,11 @@ got_privsep_recv_imsg(struct imsg *imsg, struct imsgbu
 		return err;
 	}
 
+	if (imsg->hdr.len < IMSG_HEADER_SIZE + min_datalen) {
+		imsg_free(imsg);
+		return got_error(GOT_ERR_PRIVSEP_LEN);
+	}
+
 	return NULL;
 }