Last upstream release was in 1997 apparently, so I'm filing this bug here for tracking purposes. Building in strict(er) C99 mode reveals an implicit declaration of malloc: inetcf.c: In function 'inet_set': inetcf.c:283:25: error: implicit declaration of function 'malloc' 283 | (struct inet_ent *) malloc(sizeof(struct inet_ent) + strlen(name)); | ^~~~~~ inetcf.c:283:25: warning: incompatible implicit declaration of built-in function 'malloc' [-Wbuiltin-declaration-mismatch] inetcf.c:23:1: note: include '<stdlib.h>' or provide a declaration of 'malloc' 22 | #include "inetcf.h" +++ |+#include <stdlib.h> 23 | inetcf.c: At top level: inetcf.c:9:13: warning: 'sccsid' defined but not used [-Wunused-variable] 9 | static char sccsid[] = "@(#) inetcf.c 1.7 97/02/12 02:13:23"; | ^~~~~~ This truncates the returned pointer to 32 bits, so this can never work. I think this code won't run in practice, so it's probably not a security issue.
Created attachment 1927970 [details] tcp_wrappers-inetcf-c99.patch