I noticed that pgwin32_unsetenv() in src/port/win32env.c lacks the input validation that its sibling function pgwin32_setenv() has (lines 126-132).

Without these checks, the function will crash on NULL input via strlen(NULL), and will accept empty strings or strings containing '=' in violation of POSIX.1-2008.

The attached patch adds the same validation that pgwin32_setenv already does, making the two functions consistent. This is purely defensive - it only affects callers passing invalid arguments.

regards,

Bryan Green

From dda02bef12a725eff5e38367f2a525b2355c29d0 Mon Sep 17 00:00:00 2001
From: Bryan Green <[email protected]>
Date: Sat, 18 Oct 2025 13:04:04 -0500
Subject: [PATCH] Fix POSIX compliance in pgwin32_unsetenv()

pgwin32_unsetenv() lacks the input validation that its sibling
pgwin32_setenv() has.  Add the same checks for NULL, empty string,
and '=' in the name parameter, per POSIX requirements.

Without these checks, unsetenv(NULL) crashes, and invalid names
are accepted when they should fail with EINVAL.
---
 src/port/win32env.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/port/win32env.c b/src/port/win32env.c
index b22fbafde4..e1cee683db 100644
--- a/src/port/win32env.c
+++ b/src/port/win32env.c
@@ -152,6 +152,13 @@ pgwin32_unsetenv(const char *name)
        int                     res;
        char       *envbuf;
 
+       /* Error conditions, per POSIX */
+       if (name == NULL || name[0] == '\0' || strchr(name, '=') != NULL)
+       {
+               errno = EINVAL;
+               return -1;
+       }
+
        envbuf = (char *) malloc(strlen(name) + 2);
        if (!envbuf)
                return -1;
-- 
2.49.0
