Aditya Garg <gargaditya08@xxxxxxxx> writes: >> On 5 Jun 2025, at 1:30 PM, Jeff King <peff@xxxxxxxx> wrote: >> >> On Mon, Jun 02, 2025 at 04:29:33PM +0530, Aditya Garg wrote: >> >>> @@ -1405,7 +1558,11 @@ static CURL *setup_curl(struct imap_server_conf *srvc, struct credential *cred) >>> >>> server_fill_credential(srvc, cred); >>> curl_easy_setopt(curl, CURLOPT_USERNAME, srvc->user); >>> - curl_easy_setopt(curl, CURLOPT_PASSWORD, srvc->pass); >>> + >>> + if (!srvc->auth_method || >>> + strcmp(srvc->auth_method, "XOAUTH2") || >>> + strcmp(srvc->auth_method, "OAUTHBEARER")) >>> + curl_easy_setopt(curl, CURLOPT_PASSWORD, srvc->pass); >> >> Coverity complains that this "if" will always be true, since one of the >> strcmp() calls must return non-zero (srvc->auth_method cannot match both >> strings!). >> >> I'm not sure what the logic is supposed to be here. If we are matching >> either string, it should be !strcmp() for both. If we want to match >> neither, then it should be &&, not ||. > > Good catch. The aim was to not execute that statement if authentication is > XOAUTH2 or OAUTHBEARER. I'll fix this logic. Yup. I'll refrain from merging it down before the reroll.
