Fix POSIX compliance in pgwin32_unsetenv() for "name" argument

pgwin32_unsetenv() (compatibility routine of unsetenv() on Windows)
lacks the input validation that its sibling pgwin32_setenv() has.
Without these checks, calling unsetenv() with incorrect names crashes on
WIN32.  However, invalid names should be handled, failing on EINVAL.

This commit adds the same checks as setenv() to fail with EINVAL for a
"name" set to NULL, an empty string, or if '=' is included in the value,
per POSIX requirements.

Like 7ca37fb0406b, backpatch down to v14.  pgwin32_unsetenv() is defined
on REL_13_STABLE, but with the branch going EOL soon and the lack of
setenv() there for WIN32, nothing is done for v13.

Author: Bryan Green <dbryan.green@gmail.com>
Discussion: https://postgr.es/m/b6a1e52b-d808-4df7-87f7-2ff48d15003e@gmail.com
Backpatch-through: 14

diff --git a/src/port/win32env.c b/src/port/win32env.c
index 7aa5a3081e375a35999de835d26737fc157ed64a..6a4614509a4f7f66eaca80b698eeaab9b4dba5db 100644 (file)
--- a/src/port/win32env.c
+++ b/src/port/win32env.c
@@ -152,6 +152,13 @@ pgwin32_unsetenv(const char *name)
        int                     res;
        char       *envbuf;
 
+       /* Error conditions, per POSIX */
+       if (name == NULL || name[0] == '\0' || strchr(name, '=') != NULL)
+       {
+               errno = EINVAL;
+               return -1;
+       }
+
        envbuf = (char *) malloc(strlen(name) + 2);
        if (!envbuf)
                return -1;