[PATCH net-next v1 3/4] net: hsr: require valid EOT supervision TLV

Next message: Vlastimil Babka (SUSE): "Re: [PATCH v4 06/21] mm/vma: remove superfluous map-&gt;hold_file_rmap_lock"
Previous message: luka . gejak: "[PATCH net-next v1 2/4] net: hsr: fix VLAN add unwind on slave errors"
In reply to: Felix Maurer: "Re: [PATCH net-next v1 2/4] net: hsr: fix VLAN add unwind on slave errors"
Next in thread: Felix Maurer: "Re: [PATCH net-next v1 3/4] net: hsr: require valid EOT supervision TLV"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: luka . gejak

Date: Tue Mar 24 2026 - 10:37:28 EST

From: Luka Gejak <luka.gejak@xxxxxxxxx>

Supervision frames are only valid if terminated with a zero-length EOT
TLV. The current check fails to reject non-EOT entries as the terminal
TLV, potentially allowing malformed supervision traffic.

Fix this by strictly requiring the terminal TLV to be HSR_TLV_EOT
with a length of zero.

Signed-off-by: Luka Gejak <luka.gejak@xxxxxxxxx>
---
net/hsr/hsr_forward.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/hsr/hsr_forward.c b/net/hsr/hsr_forward.c
index aefc9b6936ba..d26c7d0e8109 100644
--- a/net/hsr/hsr_forward.c
+++ b/net/hsr/hsr_forward.c
@@ -110,7 +110,7 @@ static bool is_supervision_frame(struct hsr_priv *hsr, struct sk_buff *skb)
}

/* end of tlvs must follow at the end */
- if (hsr_sup_tlv->HSR_TLV_type == HSR_TLV_EOT &&
+ if (hsr_sup_tlv->HSR_TLV_type != HSR_TLV_EOT ||
hsr_sup_tlv->HSR_TLV_length != 0)
return false;

--
2.53.0