Package: sandsifter
Version: 1.03-2
Severity: important
Tags: patch

Dear Maintainer,

sandsifter fails to build from source on i386 [1]. It is caused by a
rather naive asm code in the injector, which IIUC (don't take me at my
word) tries to use relocation which simply isn't there for the 8th
argument (the new stack). However, I've written a different assembly
routine, which, albeit not being the greatest assembler ever written,
gets the job done reliably (and should compile even with pie).

Please consider including this patch.

Regards
    Jiri Palecek

Index: sandsifter-1.03/injector.c
===================================================================
--- sandsifter-1.03.orig/injector.c
+++ sandsifter-1.03/injector.c
@@ -23,6 +23,7 @@
 #include <sched.h>
 #include <pthread.h>
 #include <sys/wait.h>
+#include <stddef.h>

 /* configuration */

@@ -814,28 +815,31 @@ void inject(int insn_size)
 			  [packet]"m"(packet)
 			);
 #else
+	dummy_stack.dummy_stack_lo[0] = (uint64_t)packet;
 	__asm__ __volatile__ ("\
-			mov %[eax], %%eax \n\
-			mov %[ebx], %%ebx \n\
-			mov %[ecx], %%ecx \n\
-			mov %[edx], %%edx \n\
-			mov %[esi], %%esi \n\
-			mov %[edi], %%edi \n\
-			mov %[ebp], %%ebp \n\
-			mov %[esp], %%esp \n\
-			jmp *%[packet]    \n\
+			mov %[dummy_stack], %%esp \n\
+			mov %[inject_state], %%ebp\n\
+			mov %c[eax](%%ebp), %%eax \n\
+			mov %c[ebx](%%ebp), %%ebx \n\
+			mov %c[ecx](%%ebp), %%ecx \n\
+			mov %c[edx](%%ebp), %%edx \n\
+			mov %c[esi](%%ebp), %%esi \n\
+			mov %c[edi](%%ebp), %%edi \n\
+			mov %c[ebp](%%ebp), %%ebp \n\
+			ret    \n\
 			"
 			:
 			:
-			[eax]"m"(inject_state.eax),
-			[ebx]"m"(inject_state.ebx),
-			[ecx]"m"(inject_state.ecx),
-			[edx]"m"(inject_state.edx),
-			[esi]"m"(inject_state.esi),
-			[edi]"m"(inject_state.edi),
-			[ebp]"m"(inject_state.ebp),
-			[esp]"i"(&dummy_stack.dummy_stack_lo),
-			[packet]"m"(packet)
+			[inject_state]"r"(&inject_state),
+			[eax]"i"(offsetof(state_t, eax)),
+			[ebx]"i"(offsetof(state_t, ebx)),
+			[ecx]"i"(offsetof(state_t, ecx)),
+			[edx]"i"(offsetof(state_t, edx)),
+			[esi]"i"(offsetof(state_t, esi)),
+			[edi]"i"(offsetof(state_t, edi)),
+			[ebp]"i"(offsetof(state_t, ebp)),
+			[dummy_stack]"r"(&dummy_stack.dummy_stack_lo),
+			[st_offset]"i"(offsetof(typeof(dummy_stack), dummy_stack_lo))
 			);
 #endif

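Review bot: the last added input operand, `[st_offset]"i"(offsetof(typeof(dummy_stack), dummy_stack_lo))`, is never referenced in the asm template, so it is dead weight; either drop it or use it (for example, to compute the stack address from the base instead of passing `[dummy_stack]` separately). The first added line, `dummy_stack.dummy_stack_lo[0] = (uint64_t)packet;`, suggests the slot is 64 bits wide, while the `ret` that replaces the old `jmp *%[packet]` pops a 32-bit return address on i386; that works only because little-endian places the address in the low dword, and it leaves `%esp` pointing into the middle of the slot, so a short comment (or a native-width store) would make the intent explicit. The ordering of the register loads is right: `%ebp` is loaded last via `mov %c[ebp](%%ebp), %%ebp` because it serves as the base for the other loads, and `%esp` is switched first so neither "r" input can be clobbered before it is read. Since the block never returns to C the missing clobber list is harmless, but a comment saying so would save the next reader the same check.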
1: 
https://buildd.debian.org/status/fetch.php?pkg=sandsifter&arch=i386&ver=1.03-2&stamp=1547570894&raw=0

-- System Information:
Debian Release: 10.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 
'testing-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 
'experimental')
Architecture: i386 (i686)

Kernel: Linux 5.1.0-rc4-bughunt+ (SMP w/2 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=cs_CZ, LC_CTYPE=cs_CZ (charmap=ISO-8859-2), LANGUAGE=cs_CZ 
(charmap=ISO-8859-2)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages sandsifter depends on:
ii  libc6            2.28-10
ii  libcapstone3     4.0.1+really+3.0.5-1
ii  python           2.7.16-1
ii  python-capstone  4.0.1+really+3.0.5-1

Versions of packages sandsifter recommends:
ii  binutils  2.32.51.20190707-1
pn  nasm      <none>

sandsifter suggests no packages.

-- no debconf information
