Fix POSIX compliance in pgwin32_unsetenv() for "name" argument

pgwin32_unsetenv() (compatibility routine of unsetenv() on Windows)
lacks the input validation that its sibling pgwin32_setenv() has.
Without these checks, calling unsetenv() with incorrect names crashes on
WIN32.  However, invalid names should be handled, failing on EINVAL.

This commit adds the same checks as setenv() to fail with EINVAL for a
"name" set to NULL, an empty string, or if '=' is included in the value,
per POSIX requirements.

Like 7ca37fb0406b, backpatch down to v14.  pgwin32_unsetenv() is defined
on REL_13_STABLE, but with the branch going EOL soon and the lack of
setenv() there for WIN32, nothing is done for v13.

Author: Bryan Green <dbryan.green@gmail.com>
Discussion: https://postgr.es/m/b6a1e52b-d808-4df7-87f7-2ff48d15003e@gmail.com
Backpatch-through: 14

diff --git a/src/port/win32env.c b/src/port/win32env.c
index b22fbafde4012b57bc0b6496c4f7684d3feb0b7b..e1cee683dbf9dec08baaf570c62a8124f756b227 100644 (file)
--- a/src/port/win32env.c
+++ b/src/port/win32env.c
@@ -152,6 +152,13 @@ pgwin32_unsetenv(const char *name)
        int                     res;
        char       *envbuf;
 
+       /* Error conditions, per POSIX */
+       if (name == NULL || name[0] == '\0' || strchr(name, '=') != NULL)
+       {
+               errno = EINVAL;
+               return -1;
+       }
+
        envbuf = (char *) malloc(strlen(name) + 2);
        if (!envbuf)
                return -1;