Open
Brief description
Dot15d4 incorrectly parses Auxiliary Security Header.
Scapy version
2.7.0
Python version
3.13.11
Operating system
Kali 2025.4
Additional environment information
No response
How to reproduce
Example: Dot15d4(b'\x08\xD0\x84\x21\x43\x01\x00\x00\x00\x00\x48\xDE\xAC\x02\x05\x00\x00\x00\x55\xCF\x00\x00\x51\x52\x53\x54\x22\x3B\xC1\xEC\x84\x1A\xB5\x53')
Actual result
Should get parsed as Dot15d4 > Dot15d4Beacon with aux_sec_header set > Raw.
Expected result
Instead it gets parsed as Dot15d4 > Dot15d4Beacon (with incorrect values) > ZigbeeBeacon > Raw.
Related resources
There are two problems:
- The ConditionalField lambda is wrong in Dot15d4Beacon, Dot15d4Cmd and Dot15d4Data
- Dot15d4AuxSecurityHeader parses remaining bytes as payload although it should not have any (see "[enhancement] Provide a kind of packet that doesn't expect a payload", #4708)
Fixes:
- modify this line in Dot15d4Beacon, Dot15d4Cmd and Dot15d4Data:
    ConditionalField(PacketField("aux_sec_header", Dot15d4AuxSecurityHeader(), Dot15d4AuxSecurityHeader), lambda pkt:pkt.underlayer.getfieldval("fcf_security") is True)
  to:
    ConditionalField(PacketField("aux_sec_header", Dot15d4AuxSecurityHeader(), Dot15d4AuxSecurityHeader), lambda pkt:pkt.underlayer.getfieldval("fcf_security"))
- add this method to Dot15d4AuxSecurityHeader:
    def extract_padding(self, s):
        return b'', s
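
Added example, not part of the original issue or of Scapy's code: a standalone parser for the auxiliary security header of the frame above, covering both points of the report (the security bit tested by truthiness, and the header consuming only its own bytes). It assumes the 2003/2006 frame-version addressing rules and that the security bit decodes to the integer 1 rather than the bool `True`; `parse_aux_security_header`, `security_bit` and the lookup tables are hypothetical names.

```python
import struct

# Key Identifier field length per Key Identifier Mode (IEEE 802.15.4)
KEY_ID_LEN = {0: 0, 1: 1, 2: 5, 3: 9}
# Address length per addressing mode (mode 1 is reserved)
ADDR_LEN = {0: 0, 2: 2, 3: 8}

# Frame bytes copied from the report above
FRAME = (b'\x08\xD0\x84\x21\x43\x01\x00\x00\x00\x00\x48\xDE\xAC\x02\x05\x00\x00'
         b'\x00\x55\xCF\x00\x00\x51\x52\x53\x54\x22\x3B\xC1\xEC\x84\x1A\xB5\x53')


def security_bit(frame):
    """Security Enabled bit of the frame control field, as an int (0 or 1)."""
    (fcf,) = struct.unpack_from("<H", frame, 0)
    return (fcf >> 3) & 1


def parse_aux_security_header(frame):
    """Return (header dict or None, bytes that follow the header)."""
    (fcf,) = struct.unpack_from("<H", frame, 0)
    pan_compress = (fcf >> 6) & 1
    dst_mode, src_mode = (fcf >> 10) & 3, (fcf >> 14) & 3
    if dst_mode == 1 or src_mode == 1:
        raise ValueError("reserved addressing mode")
    off = 3  # frame control (2 bytes) + sequence number (1 byte)
    if dst_mode:
        off += 2 + ADDR_LEN[dst_mode]  # destination PAN ID + address
    if src_mode:
        # source PAN ID is omitted only when compressed and a destination exists
        off += (0 if (pan_compress and dst_mode) else 2) + ADDR_LEN[src_mode]
    # Truthiness test: the bit is the int 1, so "security_bit(frame) is True"
    # would be False and the header would be skipped.
    if not security_bit(frame):
        return None, frame[off:]
    if len(frame) < off + 5:
        raise ValueError("truncated auxiliary security header")
    sec_ctrl = frame[off]
    level, key_id_mode = sec_ctrl & 7, (sec_ctrl >> 3) & 3
    (frame_counter,) = struct.unpack_from("<I", frame, off + 1)
    end = off + 5 + KEY_ID_LEN[key_id_mode]
    if end > len(frame):
        raise ValueError("truncated key identifier")
    header = {"security_level": level, "key_id_mode": key_id_mode,
              "frame_counter": frame_counter, "key_id": frame[off + 5:end]}
    # The header stops at `end`; everything after it belongs to the enclosing
    # frame (beacon fields, payload, MIC), not to the security header.
    return header, frame[end:]
```
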