The getenv() function searches an environment list for a string that matches a specified name and returns a pointer to a string associated with the matched list member.
Wiki Markup
The set of environment names and the method for altering the environment list are implementation-defined.
Depending on the implementation, multiple environment variables with the same name may be allowed and can cause unexpected results if a program cannot consistently choose the same value. The GNU glibc library addresses this issue in getenv() and setenv() by always using the first variable it encounters and ignoring the rest. However, it is unwise to rely on this.unmigrated-wiki-markup
One common difference between implementations is whether or not environment variables are case sensitive. While UNIX-like implementations are generally case sensitive, environment variables are "not case sensitive in Windows 98/Me and Windows NT/2000/XP" \[ [MSDN|AA. Bibliography#MSDN]\].
Duplicate Environment Variable Detection (POSIX)
...
MITRE CWE: CWE-807, "Reliance on Untrusted Inputs in a Security Decision"
Bibliography
Wiki Markup getenv()}}|http://msdn.microsoft.com/en-us/library/tehxacec(VS.71).aspx]
...