Check for NULL result from strdup

Per Coverity Scan

src/interfaces/libpq/fe-secure.c

@@ -875,7 +875,17 @@ client_cert_cb(SSL *ssl, X509 **x509, EVP_PKEY **pkey)
 		{
 			/* Colon, but not in second character, treat as engine:key */
 			char	   *engine_str = strdup(conn->sslkey);
-			char	   *engine_colon = strchr(engine_str, ':');
+			char	   *engine_colon;
+
+			if (engine_str == NULL)
+			{
+				printfPQExpBuffer(&conn->errorMessage,
+								  libpq_gettext("out of memory\n"));
+				return -1;
+			}
+
+			/* cannot return NULL because we already checked before strdup */
+			engine_colon = strchr(engine_str, ':');
 
 			*engine_colon = '\0';		/* engine_str now has engine name */
 			engine_colon++;		/* engine_colon now has key name */