+/*
+ * Clean our environment on startup. This means removing any environment
+ * strings that might inadvertantly been in root's environment and
+ * could cause serious security problems if we think we set them.
+ */
+void
+ssh_gssapi_clean_env(void)
+{
+ char *envstr;
+ int envstr_index;
+
+
+ for (envstr_index = 0;
+ (envstr = delegation_env[envstr_index]) != NULL;
+ envstr_index++) {
+
+ if (getenv(envstr)) {
+ debug("Clearing environment variable %s", envstr);
+ gssapi_unsetenv(envstr);
+ }
+ }
+}
+
+/*
+ * Wrapper around unsetenv.
+ */
+static void
+gssapi_unsetenv(const char *var)
+{
+#ifdef HAVE_UNSETENV
+ unsetenv(var);
+
+#else /* !HAVE_UNSETENV */
+ extern char **environ;
+ char **p1 = environ; /* New array list */
+ char **p2 = environ; /* Current array list */
+ int len = strlen(var);
+
+ /*
+ * Walk through current environ array (p2) copying each pointer
+ * to new environ array (p1) unless the pointer is to the item
+ * we want to delete. Copy happens in place.
+ */
+ while (*p2) {
+ if ((strncmp(*p2, var, len) == 0) &&
+ ((*p2)[len] == '=')) {
+ /*
+ * *p2 points at item to be deleted, just skip over it
+ */
+ p2++;
+ } else {
+ /*
+ * *p2 points at item we want to save, so copy it
+ */
+ *p1 = *p2;
+ p1++;
+ p2++;
+ }
+ }
+
+ /* And make sure new array is NULL terminated */
+ *p1 = NULL;
+#endif /* HAVE_UNSETENV */
+}
+
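Review bot: Nothing in ssh_gssapi_clean_env confirms that a variable is really gone after gssapi_unsetenv() returns, even though the header comment says a leftover value could cause serious security problems. The wrapper returns void and ignores any result from unsetenv(), so a failed removal is silent, and the only trace is the debug() line printed before the attempt. I would re-check right after the call, e.g. `if (getenv(envstr) != NULL) fatal("Could not clear environment variable %s", envstr);` (assuming the project's fatal() is usable at this point), or at least log the failure above debug level. In the !HAVE_UNSETENV branch, `int len = strlen(var);` would be better as `size_t len = strlen(var);` to match strncmp's length parameter. The delegation_env table and a prototype for the static gssapi_unsetenv, which is called before its definition, are outside the visible lines, so I could not check either of them.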