improved DNS parsing, fixed issue handling undelivered alerts, code c…

…leanup
objective-see · Aug 7, 2018 · cfe5ebd · cfe5ebd
1 parent 516dc0e
commit cfe5ebd
Show file tree

Hide file tree

Showing 7 changed files with 86 additions and 105 deletions.
diff --git a/configure/Configure/Configure.m b/configure/Configure/Configure.m
@@ -169,6 +169,9 @@ -(BOOL)isBetaInstalled
     //app version
     NSString* appVersion = nil;
 
+    //dbg msg
+    logMsg(LOG_DEBUG, @"checking if installed version is a beta...");
+
     //load app bundle
     appBundle = [NSBundle bundleWithPath:[@"/Applications" stringByAppendingPathComponent:APP_NAME]];
     if(nil == appBundle)
@@ -185,8 +188,11 @@ -(BOOL)isBetaInstalled
         goto bail;
     }
 
+    //dbg msg
+    logMsg(LOG_DEBUG, [NSString stringWithFormat:@"existing (app) version: %@", appVersion]);
+
     //check for beta
-    // version string that starts with 0
+    // version string that starts with "0."
     if(YES == [appVersion hasPrefix:@"0."])
     {
         //set flag

diff --git a/configure/Configure/ConfigureWindowController.m b/configure/Configure/ConfigureWindowController.m
@@ -67,7 +67,7 @@ -(void)configure:(BOOL)isInstalled
     else
     {
         //init status msg
-        [self.statusMsg setStringValue:@"monitor network connections 🔥🛡️"];
+        [self.statusMsg setStringValue:@"the free, open, firewall 🔥🛡️"];
     }
 
     //app already installed?
@@ -132,7 +132,7 @@ -(IBAction)buttonHandler:(id)sender
     //grab tag
     action = ((NSButton*)sender).tag;
 
-    //restart?
+    //action: restart
     if(action == ACTION_RESTART_FLAG)
     {
         //disable button
@@ -145,7 +145,7 @@ -(IBAction)buttonHandler:(id)sender
         goto bail;
     }
 
-    //close?
+    //action close
     else if(action == ACTION_CLOSE_FLAG)
     {
         //close window to trigger cleanup logic
@@ -155,31 +155,32 @@ -(IBAction)buttonHandler:(id)sender
         goto bail;
     }
 
-    //install || uninstall
+    //action: install || uninstall
     else
     {
         //upgrade/uninstall
         // warn if beta is installed
         if( (action != ACTION_UNINSTALL_FLAG) &&
             (YES == [((AppDelegate*)[[NSApplication sharedApplication] delegate]).configureObj isBetaInstalled]) )
         {
-                //init alert
-                betaInstalled = [[NSAlert alloc] init];
-
-                //set style
-                betaInstalled.alertStyle = NSAlertStyleInformational;
-
-                //main text
-                betaInstalled.messageText = @"Beta Version Already Installed";
-
-                //details
-                betaInstalled.informativeText = @"Please note, it will be fully uninstalled first!";
-
-                //add button
-                [betaInstalled addButtonWithTitle:@"Ok"];
-
-                //show
-                [betaInstalled runModal];
+            //init alert
+            betaInstalled = [[NSAlert alloc] init];
+
+            //set style
+            betaInstalled.alertStyle = NSAlertStyleInformational;
+
+            //set main text
+            betaInstalled.messageText = @"Beta Version Already Installed";
+
+            //set detailed text
+            betaInstalled.informativeText = @"Please note, it will be fully uninstalled first!";
+
+            //add button
+            [betaInstalled addButtonWithTitle:@"Ok"];
+
+            //show
+            // will block until user
+            [betaInstalled runModal];
         }
 
         //disable 'x' button

diff --git a/configure/Configure/Script/configure.sh b/configure/Configure/Script/configure.sh
@@ -65,13 +65,11 @@ if [ "${1}" == "-install" ]; then
     if [ ! -f $INSTALL_DIRECTORY/installedApps.plist ]; then
 
         echo "enumerating (pre)installed applications"
-
         /usr/sbin/system_profiler SPApplicationsDataType -xml > $INSTALL_DIRECTORY/installedApps.xml &
     fi
 
     #rebuild cache, full path
     echo "rebuilding kernel cache"
-
     /usr/sbin/kextcache -invalidate / &
 
     echo "install complete"
@@ -103,7 +101,7 @@ elif [ "${1}" == "-uninstall" ]; then
     if [[ "${2}" -eq "1" ]]; then
         rm -rf $INSTALL_DIRECTORY
 
-        #no other objective-see tools?
+        #no other Objective-See tools?
         # then delete that directory too
         baseDir=$(dirname $INSTALL_DIRECTORY)
 

diff --git a/launchDaemon/launchDaemon/Alerts.m b/launchDaemon/launchDaemon/Alerts.m
@@ -437,14 +437,14 @@ -(void)processUndelivered
     NSDictionary* alert = nil;
 
     //dbg msg
-    logMsg(LOG_DEBUG, @"processing undelivered alerts");
+    logMsg(LOG_DEBUG, [NSString stringWithFormat:@"processing %lu undelivered alerts", self.undelivertedAlerts.count]);
 
     //sync
     @synchronized(self.undelivertedAlerts)
     {
         //process all undelivered alerts
         // add to queue, and to 'shown' alert
-        for(NSString* path in self.undelivertedAlerts)
+        for(NSString* path in self.undelivertedAlerts.allKeys)
         {
             //grab alert
             alert = self.undelivertedAlerts[path];
@@ -456,34 +456,13 @@ -(void)processUndelivered
             // this will trigger processing of alert
             [eventQueue enqueue:alert];
 
+            //remove
+            [self.undelivertedAlerts removeObjectForKey:path];
+
             //save to 'shown'
             [self addShown:alert];
         }
-
     }
-
-    return;
-}
-
-//remove an alert from 'undelivered'
--(void)removeUndeliverted:(NSDictionary*)alert
-{
-    //path (key)
-    NSString* path = nil;
-
-    //dbg msg
-    logMsg(LOG_DEBUG, [NSString stringWithFormat:@"removing alert from 'undelivered': %@", alert]);
-
-    //remove alert
-    @synchronized(self.undelivertedAlerts)
-    {
-        //grab path
-        path = alert[ALERT_PATH];
-
-        //remove
-        [self.undelivertedAlerts removeObjectForKey:path];
-    }
-
     return;
 }
 

diff --git a/launchDaemon/launchDaemon/KextListener.m b/launchDaemon/launchDaemon/KextListener.m
@@ -600,7 +600,8 @@ -(void)processNetworkOut:(struct networkOutEvent_s*)event
     }
 
     //no connected client
-    // can't deliver alert, so just allow, but log this fact
+    // a) allow
+    // b) save for delivery later...
     if(YES != clientConnected)
     {
         //dbg msg
@@ -672,8 +673,8 @@ -(void)processNetworkOut:(struct networkOutEvent_s*)event
     return;
 }
 
-//process a network out event from the kernel
-// if there is no matching rule, will tell client to show alert
+//process a dns packet from the kernel
+// just looking to extract name/ip address mappings
 -(void)processDNSResponse:(struct dnsResponseEvent_s*)event
 {
     //dns header
@@ -695,7 +696,7 @@ -(void)processDNSResponse:(struct dnsResponseEvent_s*)event
     NSString* aName = nil;
 
     //type
-    // A, AAAA
+    // A, AAAA, etc...
     unsigned short addressType = 0;
 
     //ip address
@@ -712,12 +713,16 @@ -(void)processDNSResponse:(struct dnsResponseEvent_s*)event
 
     //print out DNS response
     //for(int i = 0; i<sizeof(event->response); i++)
-    //    logMsg(LOG_DEBUG, [NSString stringWithFormat:@"%d/%02x", i, event->response[i] & 0xFF]);
-
+    //  logMsg(LOG_DEBUG, [NSString stringWithFormat:@"%d/%02x", i, event->response[i] & 0xFF]);
 
     //init pointer to DNS data
     // begins right after (fixed) DNS header
     dnsData = (unsigned char*)((unsigned char*)dnsHeader + sizeof(struct dnsHeader));
+    if(dnsData >= end)
+    {
+        //bail
+        goto bail;
+    }
 
     //skip over any question entries
     // they should always come first, ya?
@@ -749,14 +754,21 @@ -(void)processDNSResponse:(struct dnsResponseEvent_s*)event
             //bail
             goto bail;
         }
-
     }
 
     //now, parse answers
     // this is all we really care about...
     for(NSUInteger i = 0; i < ntohs(dnsHeader->ancount); i++)
     {
-        //first byte indicates a pointer?
+        //sanity check
+        // answers should be at least 0xC
+        if(dnsData+0xC >= end)
+        {
+            //bail
+            goto bail;
+        }
+
+        //first byte should alway indicated 'offset'
         if(0xC0 != *dnsData++)
         {
             //bail
@@ -789,27 +801,12 @@ -(void)processDNSResponse:(struct dnsResponseEvent_s*)event
 
         //skip over type
         dnsData += sizeof(unsigned short);
-        if(dnsData >= end)
-        {
-            //bail
-            goto bail;
-        }
-
+
         //skip class
         dnsData += sizeof(unsigned short);
-        if(dnsData >= end)
-        {
-            //bail
-            goto bail;
-        }
 
         //skip ttl
         dnsData += sizeof(unsigned int);
-        if(dnsData >= end)
-        {
-            //bail
-            goto bail;
-        }
 
         //TODO: rem
         logMsg(LOG_DEBUG, [NSString stringWithFormat:@"name (offset: %lx): %@", (unsigned long)nameOffset, extractDNSName((unsigned char*)dnsHeader, (unsigned char*)dnsHeader + nameOffset, (unsigned char*)dnsHeader + sizeof(event->response))]);
@@ -830,11 +827,6 @@ -(void)processDNSResponse:(struct dnsResponseEvent_s*)event
 
             //skip over size + length of data
             dnsData += sizeof(unsigned short) + ntohs(*(unsigned short*)dnsData);
-            if(dnsData >= end)
-            {
-                //bail
-                goto bail;
-            }
         }
 
         //type A
@@ -860,7 +852,9 @@ -(void)processDNSResponse:(struct dnsResponseEvent_s*)event
 
             //skip over length
             dnsData += sizeof(unsigned short);
-            if(dnsData >= end)
+
+            //ipv4 addr is 0x4
+            if(dnsData+0x4 >= end)
             {
                 //bail
                 goto bail;
@@ -872,11 +866,6 @@ -(void)processDNSResponse:(struct dnsResponseEvent_s*)event
             //skip over IP address
             // for IPv4 addresses, this will always be 4
             dnsData += 0x4;
-            if(dnsData >= end)
-            {
-                //bail
-                goto bail;
-            }
         }
 
         //type AAAA
@@ -902,7 +891,9 @@ -(void)processDNSResponse:(struct dnsResponseEvent_s*)event
 
             //skip over length
             dnsData += sizeof(unsigned short);
-            if(dnsData >= end)
+
+            //ipv6 addr is 0x10
+            if(dnsData+0x10 >= end)
             {
                 //bail
                 goto bail;
@@ -914,11 +905,6 @@ -(void)processDNSResponse:(struct dnsResponseEvent_s*)event
             //skip over IP address
             // for IPv4 addresses, this will always be 0x10
             dnsData += 0x10;
-            if(dnsData >= end)
-            {
-                //bail
-                goto bail;
-            }
         }
 
         //add to DNS 'cache'

diff --git a/mainApp/mainApp/PrefsWindowController.m b/mainApp/mainApp/PrefsWindowController.m
@@ -302,7 +302,7 @@ -(IBAction)check4Update:(id)sender
     update = [[Update alloc] init];
 
     //check for update
-    // ->'updateResponse newVersion:' method will be called when check is done
+    // 'updateResponse newVersion:' method will be called when check is done
     [update checkForUpdate:^(NSUInteger result, NSString* newVersion) {
 
         //process response
@@ -314,7 +314,7 @@ -(IBAction)check4Update:(id)sender
 }
 
 //process update response
-// ->error, no update, update/new version
+// error, no update, update/new version
 -(void)updateResponse:(NSInteger)result newVersion:(NSString*)newVersion
 {
     //re-enable button
@@ -323,7 +323,7 @@ -(void)updateResponse:(NSInteger)result newVersion:(NSString*)newVersion
     //stop/hide spinner
     [self.updateIndicator stopAnimation:self];
 
-    switch (result)
+    switch(result)
     {
         //error
         case -1:
@@ -371,9 +371,6 @@ -(void)updateResponse:(NSInteger)result newVersion:(NSString*)newVersion
 
             });
 
-            //set label
-            //self.updateLabel.stringValue = [NSString stringWithFormat:@"a new version (%@) is available", newVersion];
-
             break;
     }