Package: sandsifter
Version: 1.03-2
Severity: important
Tags: patch

Dear Maintainer,
sandsifter fails to build from source on i386 [1]. It is caused by rather naive asm code in the injector, which IIUC (don't take me at my word) tries to use a relocation which simply isn't there for the 8th argument (the new stack). However, I've written a different assembly routine which, albeit not being the greatest assembler ever written, gets the job done reliably (and should compile even with PIE). Please consider including this patch.

Regards
Jiri Palecek
Index: sandsifter-1.03/injector.c =================================================================== --- sandsifter-1.03.orig/injector.c +++ sandsifter-1.03/injector.c @@ -23,6 +23,7 @@ #include <sched.h> #include <pthread.h> #include <sys/wait.h> +#include <stddef.h> /* configuration */ @@ -814,28 +815,31 @@ void inject(int insn_size) [packet]"m"(packet) ); #else + dummy_stack.dummy_stack_lo[0] = (uint64_t)packet; __asm__ __volatile__ ("\ - mov %[eax], %%eax \n\ - mov %[ebx], %%ebx \n\ - mov %[ecx], %%ecx \n\ - mov %[edx], %%edx \n\ - mov %[esi], %%esi \n\ - mov %[edi], %%edi \n\ - mov %[ebp], %%ebp \n\ - mov %[esp], %%esp \n\ - jmp *%[packet] \n\ + mov %[dummy_stack], %%esp \n\ + mov %[inject_state], %%ebp\n\ + mov %c[eax](%%ebp), %%eax \n\ + mov %c[ebx](%%ebp), %%ebx \n\ + mov %c[ecx](%%ebp), %%ecx \n\ + mov %c[edx](%%ebp), %%edx \n\ + mov %c[esi](%%ebp), %%esi \n\ + mov %c[edi](%%ebp), %%edi \n\ + mov %c[ebp](%%ebp), %%ebp \n\ + ret \n\ " : : - [eax]"m"(inject_state.eax), - [ebx]"m"(inject_state.ebx), - [ecx]"m"(inject_state.ecx), - [edx]"m"(inject_state.edx), - [esi]"m"(inject_state.esi), - [edi]"m"(inject_state.edi), - [ebp]"m"(inject_state.ebp), - [esp]"i"(&dummy_stack.dummy_stack_lo), - [packet]"m"(packet) + [inject_state]"r"(&inject_state), + [eax]"i"(offsetof(state_t, eax)), + [ebx]"i"(offsetof(state_t, ebx)), + [ecx]"i"(offsetof(state_t, ecx)), + [edx]"i"(offsetof(state_t, edx)), + [esi]"i"(offsetof(state_t, esi)), + [edi]"i"(offsetof(state_t, edi)), + [ebp]"i"(offsetof(state_t, ebp)), + [dummy_stack]"r"(&dummy_stack.dummy_stack_lo), + [st_offset]"i"(offsetof(typeof(dummy_stack), dummy_stack_lo)) ); #endif
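Review bot: the [st_offset]"i"(offsetof(typeof(dummy_stack), dummy_stack_lo)) input operand in the inject() hunk is never referenced in the asm template and should be dropped; an unused named operand is dead weight and trips stricter warning settings. Two further points on the same hunk. First, dummy_stack.dummy_stack_lo[0] = (uint64_t)packet; widens a 32-bit pointer into a slot that the final "ret" will pop as a 4-byte return address; that only holds if the slot is a little-endian 64-bit element whose upper half stays zero, so (uintptr_t)packet would state the intent and the element type of dummy_stack_lo (not visible in this hunk) should be confirmed. Second, the template overwrites %eax through %edi plus %esp and %ebp with no output operands and no clobber list; that is acceptable only because control never returns to the C code after "ret", and a one-line comment stating that assumption would help the next reader. The offsetof-based "%c[field](%%ebp)" addressing itself does fix the reported failure: the old [esp]"i"(&dummy_stack.dummy_stack_lo) asked for a link-time constant address, which does not exist under PIE on i386, whereas the new code passes both base addresses through "r" operands and only the field offsets through "i".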
1: https://buildd.debian.org/status/fetch.php?pkg=sandsifter&arch=i386&ver=1.03-2&stamp=1547570894&raw=0

-- System Information:
Debian Release: 10.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 5.1.0-rc4-bughunt+ (SMP w/2 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=cs_CZ, LC_CTYPE=cs_CZ (charmap=ISO-8859-2), LANGUAGE=cs_CZ (charmap=ISO-8859-2)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages sandsifter depends on:
ii  libc6            2.28-10
ii  libcapstone3     4.0.1+really+3.0.5-1
ii  python           2.7.16-1
ii  python-capstone  4.0.1+really+3.0.5-1

Versions of packages sandsifter recommends:
ii  binutils  2.32.51.20190707-1
pn  nasm      <none>

sandsifter suggests no packages.

-- no debconf information