From: Guy Harris Date: Sat, 20 Apr 2019 09:27:41 +0000 (-0700) Subject: Fix dissection of auxiliary security header. X-Git-Tag: tcpdump-4.99-bp~821 X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/5d29dda004c99926d5e55039e1df28d38a01645c Fix dissection of auxiliary security header. Fetch the value of the frame counter *before* we skip past it, and don't add 1 to the current pointer into the header - we already incremented it to skip the Security Control field. Also, add a comment noting that in the 2003 spec, we don't have that form of auxiliary security header.
---
diff --git a/print-802_15_4.c b/print-802_15_4.c
index cf9067d7..37f111bc 100644
--- a/print-802_15_4.c
+++ b/print-802_15_4.c
@@ -1539,13 +1539,13 @@ ieee802_15_4_print_aux_sec_header(netdissect_options *ndo,
 ND_PRINT("[ERROR: Truncated before Frame Counter]");
 return -1;
 }
- len += 4;
- caplen -= 4;
- p += 4;
 if (ndo->ndo_vflag > 1) {
 ND_PRINT("Frame Counter 0x%08x ",
- GET_LE_U_4(p + 1));
+ GET_LE_U_4(p));
 }
+ p += 4;
+ caplen -= 4;
+ len += 4;
 }
 switch (key_id_mode) {
 case 0x00: /* Implicit. */
@@ -2008,6 +2008,13 @@ ieee802_15_4_std_frames(netdissect_options *ndo,
 p += src_addr_len;
 caplen -= src_addr_len;
 if (CHECK_BIT(fc, 3)) {
+ /*
+ * XXX - if frame_version is 0, this is the 2003
+ * spec, and you don't have the auxiliary security
+ * header, you have a frame counter and key index
+ * for the AES-CTR and AES-CCM security suites but
+ * not for the AES-CBC-MAC security suite.
+ */
 len = ieee802_15_4_print_aux_sec_header(ndo, p, caplen,
 &security_level);
 if (len < 0) {
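Review bot: The Frame Counter read in the `ndo_vflag > 1` branch is only correct while `p` still points at the field and the truncation check above it has passed, and the reordered code carries no comment saying so. A one-line comment before the read, such as `/* p is at the Frame Counter here; read it before advancing. */`, would keep a later edit from moving the `p += 4` / `caplen -= 4` / `len += 4` group back above it. No capture exercising an auxiliary security header with a frame counter is part of the visible patch; if the test suite has none, adding one would pin the corrected offset. The function starts before the hunk and continues after it.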
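Review bot: For frame_version 0 the call to `ieee802_15_4_print_aux_sec_header()` directly after the new XXX comment still runs, so a 2003-format frame with the security bit set is decoded with the later header layout, and whatever it returns in `len` is presumably used to step over bytes that are not an auxiliary security header. The comment records the limitation, but the printed output gives an analyst no hint that the Security Level and key fields shown for such a frame are unreliable. Until the 2003 suites are dissected, consider marking the output in that case, e.g. `if (frame_version == 0) ND_PRINT("[2003 security fields, not dissected] ");` before the call, assuming a `frame_version` variable is in scope here as the comment implies. The enclosing function starts and ends outside the hunk.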