From dda02bef12a725eff5e38367f2a525b2355c29d0 Mon Sep 17 00:00:00 2001
From: Bryan Green <dbryan.green@gmail.com>
Date: Sat, 18 Oct 2025 13:04:04 -0500
Subject: [PATCH] Fix POSIX compliance in pgwin32_unsetenv()

pgwin32_unsetenv() lacks the input validation that its sibling
pgwin32_setenv() has.  Add the same checks for NULL, empty string,
and '=' in the name parameter, per POSIX requirements.

Without these checks, unsetenv(NULL) crashes, and invalid names
are accepted when they should fail with EINVAL.
---
 src/port/win32env.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/port/win32env.c b/src/port/win32env.c
index b22fbafde4..e1cee683db 100644
--- a/src/port/win32env.c
+++ b/src/port/win32env.c
@@ -152,6 +152,13 @@ pgwin32_unsetenv(const char *name)
 	int			res;
 	char	   *envbuf;
 
+	/* Error conditions, per POSIX */
+	if (name == NULL || name[0] == '\0' || strchr(name, '=') != NULL)
+	{
+		errno = EINVAL;
+		return -1;
+	}
+
 	envbuf = (char *) malloc(strlen(name) + 2);
 	if (!envbuf)
 		return -1;
-- 
2.49.0