From: enh <enh@google.com>
Subject: Re: setenv(3) segfaults when value == NULL
To: Theo de Raadt <deraadt@openbsd.org>
Cc: "Lyndon Nerenberg (VE7TFX/VE6BBM)" <lyndon@orthanc.ca>, tech@openbsd.org
Date: Tue, 17 Mar 2026 10:33:23 -0400

On Mon, Mar 16, 2026 at 8:32 PM Theo de Raadt <deraadt@openbsd.org> wrote:
>
> enh <enh@google.com> wrote:
>
> > actually, re-reading POSIX, openbsd and android are already returning
> > EINVAL in cases where we could just blow up: none of the environment
> > functions are specified to return EINVAL for anything other than
> > unexpected '='s/empty strings. null pointers aren't mentioned...
>
> So Lyndon made up a rule on his own?

or just "generalized existing code that POSIX doesn't require us to
have, but we have anyway" :-)

looks like it was added so that openbsd matched unsetenv():
https://github.com/openbsd/src/commit/98da8fe0e7d3de45f88b48bb2d0c819bd789b300

and unsetenv() had the check added because of POSIX:
https://github.com/openbsd/src/commit/f1fdc1be930d71393f7f4e24ec9c117417cf63a3

and indeed it is true that older versions of POSIX explicitly referred
to NULL: https://pubs.opengroup.org/onlinepubs/000095399/functions/unsetenv.html

(that version of POSIX had similar text for setenv() but not putenv(),
which explains that little mystery too. openbsd currently matches
POSIX 2004.)

here's the austin group bug that removed the EINVAL requirement for
NULL: https://austingroupbugs.net/view.php?id=185