Dot15d4 aux_sec_header incorrect parsing #4928
Description
Brief description
Dot15d4 incorrectly parses Auxiliary Security Header.
Scapy version
2.7.0
Python version
3.13.11
Operating system
Kali 2025.4
Additional environment information
No response
How to reproduce
Example: Dot15d4(b'\x08\xD0\x84\x21\x43\x01\x00\x00\x00\x00\x48\xDE\xAC\x02\x05\x00\x00\x00\x55\xCF\x00\x00\x51\x52\x53\x54\x22\x3B\xC1\xEC\x84\x1A\xB5\x53')
Actual result
Should get parsed as Dot15d4 > Dot15d4Beacon with aux_sec_header set > Raw.
Expected result
Instead it gets parsed as Dot15d4 > Dot15d4Beacon (with incorrect values) > ZigbeeBeacon > Raw.
Related resources
There are two problems:
- The ConditionalField lambda is wrong in Dot15d4Beacon, Dot15d4Cmd and Dot15d4Data
- Dot15d4AuxSecurityHeader parses remaining bytes as payload although it should not have any [enhancement] Provide a kind of packet that doesn't expect a payload #4708
Fixes:
- modify this line in
Dot15d4Beacon,Dot15d4CmdandDot15d4Data:
ConditionalField(PacketField("aux_sec_header", Dot15d4AuxSecurityHeader(), Dot15d4AuxSecurityHeader), lambda pkt:pkt.underlayer.getfieldval("fcf_security") is True)
to:
ConditionalField(PacketField("aux_sec_header", Dot15d4AuxSecurityHeader(), Dot15d4AuxSecurityHeader), lambda pkt:pkt.underlayer.getfieldval("fcf_security"))
- add this method to
Dot15d4AuxSecurityHeader:
def extract_padding(self, s):
return b'', s