Is this NULL check needed? clt_pass is checked for being NULL and dereferenced
four lines above:
if ((clt_pass = strchr(decoded, ':')) == NULL)
goto done;
clt_user = decoded;
*clt_pass++ = '\0';
if ((clt->clt_remote_user = strdup(clt_user)) == NULL)
goto done;
if (clt_pass == NULL)
goto done;
Index: server_http.c
===================================================================
RCS file: /cvs/src/usr.sbin/httpd/server_http.c,v
retrieving revision 1.134
diff -u -p -u -r1.134 server_http.c
--- server_http.c 22 Oct 2019 09:31:23 -0000 1.134
+++ server_http.c 3 Nov 2019 09:52:24 -0000
@@ -153,9 +153,6 @@ server_http_authenticate(struct server_c
if ((clt->clt_remote_user = strdup(clt_user)) == NULL)
goto done;
- if (clt_pass == NULL)
- goto done;
-
if ((fp = fopen(auth->auth_htpasswd, "r")) == NULL)
goto done;
