check for NULL returns from strdup() - reported by Jim Meyering

also prevent buffer overflow on MSDOS when you do for example -O on a url
with a file name part longer than PATH_MAX letters