IEEE 802.15.4: Missing check on "PAN ID Present" bit of the Multipurpose Frame Control field
Summary
Hi, the current dissector in packet-ieee802154.c seems to forget to check the "PAN Id present" bit of a multi-purpose frame control frame, and thus wrongly dissects a frame having this bit set.
Steps to reproduce
Using an 802.15.4-2015 Multipurpose frame with "PAN Id present" bit set to 1. See attached capture as an example (warning, I can't guarantee the rest of the packet after the addressing information, it should be a Rendez-Vous IE and nothing more).
What is the current bug behavior?
The frame fails to decode. I can see the PAN Id (which is 0xabcd) is wrongly decoded as being the "destination".
What is the expected correct behavior?
Correct decoding of the PAN Id and then Destination and Source addresses.
If the bug is confirmed, the fix seems straightforward: apply the following change to https://gitlab.com/wireshark/wireshark/-/blob/master/epan/dissectors/packet-ieee802154.c#L1626
/* The second octet of the FCF is only present if the long frame control bit is set */
if (packet->long_frame_control) {
+ packet->pan_id_present = (fcf & IEEE802154_MPF_FCF_PAN_ID_PRESENT) >> 8;
packet->security_enable = (fcf & IEEE802154_MPF_FCF_SEC_EN) >> 9;
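Review bot: the added `packet->pan_id_present` assignment sits inside `if (packet->long_frame_control)`, so for a one-octet FCF the field keeps whatever value it had before this point; the visible lines do not show it being cleared, so please set it explicitly (for example `packet->pan_id_present = FALSE;`) ahead of the branch or in an else. The `>> 8` also hard-codes the bit position of IEEE802154_MPF_FCF_PAN_ID_PRESENT; `(fcf & IEEE802154_MPF_FCF_PAN_ID_PRESENT) != 0` would stay correct if the mask ever changes, and the same applies to the `>> 9` on the following line. Adding the attached capture as a regression test would keep the addressing fields from silently shifting again.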
Please tell me if it helps that I create a pull-request with this change.
Sample capture file
invalid_802154_multipurpose_frame.pcapng.pcapng
Relevant logs and/or screenshots
Build information
3.4.7 (v3.4.7-0-ge42cbf6a)
Compiled (64-bit) with Qt 5.15.2, with libpcap, with GLib 2.52.3, with zlib 1.2.11, with SMI 0.4.8, with c-ares 1.15.0, with Lua 5.2.4, with GnuTLS 3.6.3 and PKCS #11 (closed) support, with Gcrypt 1.8.3, with MIT Kerberos, with MaxMind DB resolver, with nghttp2 1.39.2, with brotli, with LZ4, with Zstandard, with Snappy, with libxml2 2.9.9, with QtMultimedia, with automatic updates using WinSparkle 0.5.7, with AirPcap, with SpeexDSP (using bundled resampler), with Minizip.
Running on 64-bit Windows 10 (1909), build 18363, with Intel(R) Core(TM) i7-10850H CPU @ 2.70GHz (with SSE4.2), with 32393 MB of physical memory, with locale French_France.utf8, with light display mode, without HiDPI, with Npcap version 1.31, based on libpcap version 1.10.1-PRE-GIT, with GnuTLS 3.6.3, with Gcrypt 1.8.3, with brotli 1.0.2, without AirPcap, binary plugins supported (21 loaded).
Built using Microsoft Visual Studio 2019 (VC++ 14.29, build 30037).
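The misparse described in this report, as an added example (not code from Wireshark or from the reporter): a minimal bounds-checked parser for the addressing fields of a Multipurpose frame, run with and without the PAN ID Present check. The frame bytes are constructed; only the PAN ID 0xabcd comes from the report, and the names `mpf_parse`, `mpf_addr` and `SAMPLE` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Bit masks of the 16-bit Multipurpose Frame Control field (802.15.4-2015). */
#define MPF_LONG_FC        0x0008
#define MPF_PAN_ID_PRESENT 0x0100
#define MPF_SEQNO_SUPPR    0x0400

typedef struct { int has_pan; uint16_t pan; uint64_t dst, src; } mpf_addr;

/* Constructed sample: FCF 0x01ad, seq 0x2a, PAN 0xabcd, dst 0x1234, src 0x5678. */
static const uint8_t SAMPLE[] = {0xad, 0x01, 0x2a, 0xcd, 0xab, 0x34, 0x12, 0x78, 0x56};

/* Read an n-byte little-endian field with a bounds check; returns 0 on success. */
static int rd(const uint8_t *b, size_t len, size_t *off, size_t n, uint64_t *out) {
    if (n > len - *off) return -1;
    *out = 0;
    for (size_t i = 0; i < n; i++) *out |= (uint64_t)b[*off + i] << (8 * i);
    *off += n;
    return 0;
}
/* Addressing mode to field size: 0 = none, 2 = short, 3 = extended, 1 = reserved. */
static int alen(unsigned m) { return m == 0 ? 0 : m == 2 ? 2 : m == 3 ? 8 : -1; }

/* Returns the offset just past the addressing fields, or -1 on a malformed frame.
 * honor_pan_bit = 0 models a parser that never reads the PAN ID Present bit. */
int mpf_parse(const uint8_t *b, size_t len, int honor_pan_bit, mpf_addr *a) {
    if (len < 1) return -1;
    uint16_t fcf = b[0];
    size_t off = 1; uint64_t v;
    if (fcf & MPF_LONG_FC) {          /* second FCF octet only in the long form */
        if (len < 2) return -1;
        fcf |= (uint16_t)(b[1] << 8); off = 2;
    }
    int dl = alen((fcf >> 4) & 3), sl = alen((fcf >> 6) & 3);
    if (dl < 0 || sl < 0) return -1;
    if (!(fcf & MPF_SEQNO_SUPPR) && rd(b, len, &off, 1, &v)) return -1;
    a->has_pan = honor_pan_bit && (fcf & MPF_PAN_ID_PRESENT) != 0;
    a->pan = 0;
    if (a->has_pan) { if (rd(b, len, &off, 2, &v)) return -1; a->pan = (uint16_t)v; }
    if (rd(b, len, &off, (size_t)dl, &a->dst) || rd(b, len, &off, (size_t)sl, &a->src)) return -1;
    return (int)off;
}
int main(void) {
    mpf_addr a;
    for (int honor = 0; honor <= 1; honor++)
        if (mpf_parse(SAMPLE, sizeof SAMPLE, honor, &a) > 0)
            printf("check=%d pan=0x%04x dst=0x%04llx src=0x%04llx\n", honor, a.pan,
                   (unsigned long long)a.dst, (unsigned long long)a.src);
    return 0;
}
```

With the check disabled, every field after the sequence number is read two bytes early, so the remaining header and IE parsing starts at the wrong offset.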