From 5274f11c17493a4011156a99e44cb1a8f5f9692e Mon Sep 17 00:00:00 2001
From: Michael Paquier <michael@paquier.xyz>
Date: Tue, 21 Oct 2025 08:08:42 +0900
Subject: [PATCH] Fix POSIX compliance in pgwin32_unsetenv() for "name"
 argument

pgwin32_unsetenv() (compatibility routine of unsetenv() on Windows)
lacks the input validation that its sibling pgwin32_setenv() has.
Without these checks, calling unsetenv() with incorrect names crashes on
WIN32.  However, invalid names should be handled, failing on EINVAL.

This commit adds the same checks as setenv() to fail with EINVAL for a
"name" set to NULL, an empty string, or if '=' is included in the value,
per POSIX requirements.

Like 7ca37fb0406b, backpatch down to v14.  pgwin32_unsetenv() is defined
on REL_13_STABLE, but with the branch going EOL soon and the lack of
setenv() there for WIN32, nothing is done for v13.

Author: Bryan Green <dbryan.green@gmail.com>
Discussion: https://postgr.es/m/b6a1e52b-d808-4df7-87f7-2ff48d15003e@gmail.com
Backpatch-through: 14
---
 src/port/win32env.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/port/win32env.c b/src/port/win32env.c
index a03556078ce..0bb0fe0357f 100644
--- a/src/port/win32env.c
+++ b/src/port/win32env.c
@@ -152,6 +152,13 @@ pgwin32_unsetenv(const char *name)
 	int			res;
 	char	   *envbuf;
 
+	/* Error conditions, per POSIX */
+	if (name == NULL || name[0] == '\0' || strchr(name, '=') != NULL)
+	{
+		errno = EINVAL;
+		return -1;
+	}
+
 	envbuf = (char *) malloc(strlen(name) + 2);
 	if (!envbuf)
 		return -1;