diff --git a/configure/Configure/Configure.m b/configure/Configure/Configure.m index df5f332..917077d 100644 --- a/configure/Configure/Configure.m +++ b/configure/Configure/Configure.m @@ -169,6 +169,9 @@ -(BOOL)isBetaInstalled //app version NSString* appVersion = nil; + //dbg msg + logMsg(LOG_DEBUG, @"checking if installed version is a beta..."); + //load app bundle appBundle = [NSBundle bundleWithPath:[@"/Applications" stringByAppendingPathComponent:APP_NAME]]; if(nil == appBundle) @@ -185,8 +188,11 @@ -(BOOL)isBetaInstalled goto bail; } + //dbg msg + logMsg(LOG_DEBUG, [NSString stringWithFormat:@"existing (app) version: %@", appVersion]); + //check for beta - // version string that starts with 0 + // version string that starts with "0." if(YES == [appVersion hasPrefix:@"0."]) { //set flag diff --git a/configure/Configure/ConfigureWindowController.m b/configure/Configure/ConfigureWindowController.m index ed40798..806fb80 100644 --- a/configure/Configure/ConfigureWindowController.m +++ b/configure/Configure/ConfigureWindowController.m @@ -67,7 +67,7 @@ -(void)configure:(BOOL)isInstalled else { //init status msg - [self.statusMsg setStringValue:@"monitor network connections 🔥🛡️"]; + [self.statusMsg setStringValue:@"the free, open, firewall 🔥🛡️"]; } //app already installed? @@ -132,7 +132,7 @@ -(IBAction)buttonHandler:(id)sender //grab tag action = ((NSButton*)sender).tag; - //restart? + //action: restart if(action == ACTION_RESTART_FLAG) { //disable button @@ -145,7 +145,7 @@ -(IBAction)buttonHandler:(id)sender goto bail; } - //close? + //action close else if(action == ACTION_CLOSE_FLAG) { //close window to trigger cleanup logic @@ -155,7 +155,7 @@ -(IBAction)buttonHandler:(id)sender goto bail; } - //install || uninstall + //action: install || uninstall else { //upgrade/uninstall 
@@ -163,23 +163,24 @@ -(IBAction)buttonHandler:(id)sender if( (action != ACTION_UNINSTALL_FLAG) && (YES == [((AppDelegate*)[[NSApplication sharedApplication] delegate]).configureObj isBetaInstalled]) ) { - //init alert - betaInstalled = [[NSAlert alloc] init]; - - //set style - betaInstalled.alertStyle = NSAlertStyleInformational; - - //main text - betaInstalled.messageText = @"Beta Version Already Installed"; - - //details - betaInstalled.informativeText = @"Please note, it will be fully uninstalled first!"; - - //add button - [betaInstalled addButtonWithTitle:@"Ok"]; - - //show - [betaInstalled runModal]; + //init alert + betaInstalled = [[NSAlert alloc] init]; + + //set style + betaInstalled.alertStyle = NSAlertStyleInformational; + + //set main text + betaInstalled.messageText = @"Beta Version Already Installed"; + + //set detailed text + betaInstalled.informativeText = @"Please note, it will be fully uninstalled first!"; + + //add button + [betaInstalled addButtonWithTitle:@"Ok"]; + + //show + // will block until user + [betaInstalled runModal]; } //disable 'x' button diff --git a/configure/Configure/Script/configure.sh b/configure/Configure/Script/configure.sh index 3a3f805..f417666 100755 --- a/configure/Configure/Script/configure.sh +++ b/configure/Configure/Script/configure.sh @@ -65,13 +65,11 @@ if [ "${1}" == "-install" ]; then if [ ! -f $INSTALL_DIRECTORY/installedApps.plist ]; then echo "enumerating (pre)installed applications" - /usr/sbin/system_profiler SPApplicationsDataType -xml > $INSTALL_DIRECTORY/installedApps.xml & fi #rebuild cache, full path echo "rebuilding kernel cache" - /usr/sbin/kextcache -invalidate / & echo "install complete" @@ -103,7 +101,7 @@ elif [ "${1}" == "-uninstall" ]; then if [[ "${2}" -eq "1" ]]; then rm -rf $INSTALL_DIRECTORY - #no other objective-see tools? + #no other Objective-See tools? # then delete that directory too baseDir=$(dirname $INSTALL_DIRECTORY) 
diff --git a/launchDaemon/launchDaemon/Alerts.m b/launchDaemon/launchDaemon/Alerts.m index 5566791..8efdb2a 100644 --- a/launchDaemon/launchDaemon/Alerts.m +++ b/launchDaemon/launchDaemon/Alerts.m @@ -437,14 +437,14 @@ -(void)processUndelivered NSDictionary* alert = nil; //dbg msg - logMsg(LOG_DEBUG, @"processing undelivered alerts"); + logMsg(LOG_DEBUG, [NSString stringWithFormat:@"processing %lu undelivered alerts", self.undelivertedAlerts.count]); //sync @synchronized(self.undelivertedAlerts) { //process all undelivered alerts // add to queue, and to 'shown' alert - for(NSString* path in self.undelivertedAlerts) + for(NSString* path in self.undelivertedAlerts.allKeys) { //grab alert alert = self.undelivertedAlerts[path]; @@ -456,34 +456,13 @@ -(void)processUndelivered // this will trigger processing of alert [eventQueue enqueue:alert]; + //remove + [self.undelivertedAlerts removeObjectForKey:path]; + //save to 'shown' [self addShown:alert]; } - } - - return; -} - -//remove an alert from 'undelivered' --(void)removeUndeliverted:(NSDictionary*)alert -{ - //path (key) - NSString* path = nil; - - //dbg msg - logMsg(LOG_DEBUG, [NSString stringWithFormat:@"removing alert from 'undelivered': %@", alert]); - - //remove alert - @synchronized(self.undelivertedAlerts) - { - //grab path - path = alert[ALERT_PATH]; - - //remove - [self.undelivertedAlerts removeObjectForKey:path]; - } - return; } diff --git a/launchDaemon/launchDaemon/KextListener.m b/launchDaemon/launchDaemon/KextListener.m index 38ed825..d860fd8 100644 --- a/launchDaemon/launchDaemon/KextListener.m +++ b/launchDaemon/launchDaemon/KextListener.m @@ -600,7 +600,8 @@ -(void)processNetworkOut:(struct networkOutEvent_s*)event } //no connected client - // can't deliver alert, so just allow, but log this fact + // a) allow + // b) save for delivery later... if(YES != clientConnected) { //dbg msg 
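Review bot: The new debug line reads `self.undelivertedAlerts.count` before entering the `@synchronized(self.undelivertedAlerts)` block that guards the other accesses shown here, and it passes an NSUInteger to `%lu` without a cast. Making it the first statement inside the block and casting fixes both: `logMsg(LOG_DEBUG, [NSString stringWithFormat:@"processing %lu undelivered alerts", (unsigned long)self.undelivertedAlerts.count]);`. processUndelivered begins before this hunk, so any earlier locking cannot be seen from here.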
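Review bot: The rewritten comment in processNetworkOut says an event with no connected client is allowed and saved for later, but not that this is a fail-open path: the connection has already been permitted by the time the user sees the alert. I would state that in the comment, e.g. `// note: fails open, the connection is allowed before the user is asked`. The branch continues past the end of the hunk, so it is not visible whether the saved alert is marked as after-the-fact when it is finally delivered.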
@@ -672,8 +673,8 @@ -(void)processNetworkOut:(struct networkOutEvent_s*)event return; } -//process a network out event from the kernel -// if there is no matching rule, will tell client to show alert +//process a dns packet from the kernel +// just looking to extract name/ip address mappings -(void)processDNSResponse:(struct dnsResponseEvent_s*)event { //dns header @@ -695,7 +696,7 @@ -(void)processDNSResponse:(struct dnsResponseEvent_s*)event NSString* aName = nil; //type - // A, AAAA + // A, AAAA, etc... unsigned short addressType = 0; //ip address @@ -712,12 +713,16 @@ -(void)processDNSResponse:(struct dnsResponseEvent_s*)event //print out DNS response //for(int i = 0; iresponse); i++) - // logMsg(LOG_DEBUG, [NSString stringWithFormat:@"%d/%02x", i, event->response[i] & 0xFF]); - + // logMsg(LOG_DEBUG, [NSString stringWithFormat:@"%d/%02x", i, event->response[i] & 0xFF]); //init pointer to DNS data // begins right after (fixed) DNS header dnsData = (unsigned char*)((unsigned char*)dnsHeader + sizeof(struct dnsHeader)); + if(dnsData >= end) + { + //bail + goto bail; + } //skip over any question entries // they should always come first, ya? @@ -749,14 +754,21 @@ -(void)processDNSResponse:(struct dnsResponseEvent_s*)event //bail goto bail; } - } //now, parse answers // this is all we really care about... for(NSUInteger i = 0; i < ntohs(dnsHeader->ancount); i++) { - //first byte indicates a pointer? + //sanity check + // answers should be at least 0xC + if(dnsData+0xC >= end) + { + //bail + goto bail; + } + + //first byte should alway indicated 'offset' if(0xC0 != *dnsData++) { //bail 
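Review bot: The per-answer guard `if(dnsData+0xC >= end)` forms a pointer that may lie past the buffer before comparing it, and its comment does not say what the 0xC bytes are. Comparing the remaining length avoids the out-of-range pointer: `if(dnsData >= end || (size_t)(end - dnsData) < 0xC)`. The same applies to `dnsData+0x4 >= end` and `dnsData+0x10 >= end` in the type A and AAAA hunks. As written, `>=` also rejects a record that ends exactly at `end`, which is harmless only if `end` (set outside this hunk) lies beyond the real response. The comment could read `// fixed part of an answer: name pointer (2) + type (2) + class (2) + ttl (4) + rdlength (2) = 0xC bytes`.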
@@ -789,27 +801,12 @@ -(void)processDNSResponse:(struct dnsResponseEvent_s*)event //skip over type dnsData += sizeof(unsigned short); - if(dnsData >= end) - { - //bail - goto bail; - } - + //skip class dnsData += sizeof(unsigned short); - if(dnsData >= end) - { - //bail - goto bail; - } //skip ttl dnsData += sizeof(unsigned int); - if(dnsData >= end) - { - //bail - goto bail; - } //TODO: rem logMsg(LOG_DEBUG, [NSString stringWithFormat:@"name (offset: %lx): %@", (unsigned long)nameOffset, extractDNSName((unsigned char*)dnsHeader, (unsigned char*)dnsHeader + nameOffset, (unsigned char*)dnsHeader + sizeof(event->response))]); @@ -830,11 +827,6 @@ -(void)processDNSResponse:(struct dnsResponseEvent_s*)event //skip over size + length of data dnsData += sizeof(unsigned short) + ntohs(*(unsigned short*)dnsData); - if(dnsData >= end) - { - //bail - goto bail; - } } //type A @@ -860,7 +852,9 @@ -(void)processDNSResponse:(struct dnsResponseEvent_s*)event //skip over length dnsData += sizeof(unsigned short); - if(dnsData >= end) + + //ipv4 addr is 0x4 + if(dnsData+0x4 >= end) { //bail goto bail; @@ -872,11 +866,6 @@ -(void)processDNSResponse:(struct dnsResponseEvent_s*)event //skip over IP address // for IPv4 addresses, this will always be 4 dnsData += 0x4; - if(dnsData >= end) - { - //bail - goto bail; - } } //type AAAA @@ -902,7 +891,9 @@ -(void)processDNSResponse:(struct dnsResponseEvent_s*)event //skip over length dnsData += sizeof(unsigned short); - if(dnsData >= end) + + //ipv6 addr is 0x10 + if(dnsData+0x10 >= end) { //bail goto bail; @@ -914,11 +905,6 @@ -(void)processDNSResponse:(struct dnsResponseEvent_s*)event //skip over IP address // for IPv4 addresses, this will always be 0x10 dnsData += 0x10; - if(dnsData >= end) - { - //bail - goto bail; - } } //add to DNS 'cache' diff --git a/mainApp/mainApp/PrefsWindowController.m b/mainApp/mainApp/PrefsWindowController.m index 4de516a..655c1d0 100644 --- a/mainApp/mainApp/PrefsWindowController.m 
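Review bot: With the trailing check removed, `dnsData += sizeof(unsigned short) + ntohs(*(unsigned short*)dnsData);` advances the cursor by a length taken straight from the packet, and nothing bounds it until the guard at the top of the next iteration. The top-of-loop guard already keeps the length field itself in bounds, so the length can be validated against the remaining bytes before advancing: `if(ntohs(*(unsigned short*)dnsData) > (size_t)(end - dnsData) - sizeof(unsigned short)) goto bail;`. The type A and AAAA hunks likewise skip the length field without comparing it with 0x4 or 0x10, at least in the lines shown. A mismatch there would desynchronise parsing of the records that follow.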
+++ b/mainApp/mainApp/PrefsWindowController.m @@ -302,7 +302,7 @@ -(IBAction)check4Update:(id)sender update = [[Update alloc] init]; //check for update - // ->'updateResponse newVersion:' method will be called when check is done + // 'updateResponse newVersion:' method will be called when check is done [update checkForUpdate:^(NSUInteger result, NSString* newVersion) { //process response @@ -314,7 +314,7 @@ -(IBAction)check4Update:(id)sender } //process update response -// ->error, no update, update/new version +// error, no update, update/new version -(void)updateResponse:(NSInteger)result newVersion:(NSString*)newVersion { //re-enable button @@ -323,7 +323,7 @@ -(void)updateResponse:(NSInteger)result newVersion:(NSString*)newVersion //stop/hide spinner [self.updateIndicator stopAnimation:self]; - switch (result) + switch(result) { //error case -1: @@ -371,9 +371,6 @@ -(void)updateResponse:(NSInteger)result newVersion:(NSString*)newVersion }); - //set label - //self.updateLabel.stringValue = [NSString stringWithFormat:@"a new version (%@) is available", newVersion]; - break; } diff --git a/shared/utilities.m b/shared/utilities.m index 94ad6f1..524339e 100644 --- a/shared/utilities.m +++ b/shared/utilities.m @@ -578,7 +578,7 @@ BOOL setFilePermissions(NSString* file, int permissions, BOOL recursive) } //given a process path and user -// ->return array of all matching pids +// return array of all matching pids NSMutableArray* getProcessIDs(NSString* processPath, int userID) { //status @@ -908,7 +908,7 @@ pid_t findProcess(NSString* processName) } //iterate over all pids - // ->get name for each via helper function + // get name for each via helper function for(int i = 0; i < numberOfProcesses; ++i) { //skip blank pids @@ -1477,7 +1477,6 @@ BOOL isAppRunning(NSString* bundleID) } //extract a DNS url -// per spec, format is: [len]bytes[len][bytes]0x0 NSMutableString* extractDNSName(unsigned char* start, unsigned char* chunk, unsigned char* end) { //size of chunk 
@@ -1489,12 +1488,12 @@ BOOL isAppRunning(NSString* bundleID) //alloc name = [NSMutableString string]; - //parse! + //parse while(YES) { //grab size & check chunkSize = (*chunk & 0xFF); - if(start+chunkSize >= end) + if(chunk+chunkSize >= end) { //bail goto bail; @@ -1502,6 +1501,11 @@ BOOL isAppRunning(NSString* bundleID) //skip size chunk++; + if(chunk >= end) + { + //bail + goto bail; + } //append each byte of url chunk for(NSUInteger i = 0; i < chunkSize; i++) @@ -1518,7 +1522,7 @@ BOOL isAppRunning(NSString* bundleID) goto bail; } - //done? + //done when hit a NULL if(0x0 == *chunk) { //done @@ -1529,14 +1533,24 @@ BOOL isAppRunning(NSString* bundleID) [name appendString:@"."]; //if value is 0xC - // go to that chunk offset + // go to that new chunk offset if(0xC0 == *chunk) { //skip ptr (0xCC) chunk++; + if(chunk >= end) + { + //bail + goto bail; + } //go to next chunk chunk = (unsigned char*)start + (*chunk & 0xFF); + if(chunk >= end) + { + //bail + goto bail; + } } }
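Review bot: `chunkSize = (*chunk & 0xFF)` accepts any byte as a label length, but a DNS label is at most 63 bytes and a byte with the top two bits set is a compression pointer, not a length. A name whose first byte is 0xC0 is therefore read as a 192-byte label, because the pointer test only runs after a label and its '.' have been appended. Rejecting oversized lengths right after the read, `if(chunkSize > 0x3F) goto bail;`, keeps such bytes out of the returned name. extractDNSName starts before this hunk, so an earlier check on `chunk` itself cannot be ruled out.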
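Review bot: Nothing in the visible loop limits how many compression pointers are followed, so a pointer whose target leads back to itself keeps `while(YES)` running and `name` growing; the added `chunk >= end` checks only keep each hop inside the buffer. Every pass that does not reach the terminator appends at least a '.', so capping the name also bounds the loop: `if(name.length > 255) goto bail;` right after `[name appendString:@"."];` (255 is the DNS limit for a whole name). The offset is also decoded from the second byte alone, `start + (*chunk & 0xFF)`, so pointers with an offset above 0xFF are not followed correctly. Parts of the loop lie between the hunks, so confirm that no such cap already exists.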