And it won't always allocate enough bytes for the decoding. Granted when malloc fails you're already in a world of hurt, but this is just yet another routine that makes the gross assumption that malloc will never fail.
What's criminal about that is that if Ns_HtuuDecode were written correctly, then the original version of ParseAuth would behave much better in low memory situations than the new version of ParseAuth, and it would be faster too at almost all times, allocing a stack variable of 256 bytes as opposed to fragmenting memory and going through alloc, etc. So one crapulent (actually a word) routine has begot another.
