arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-18 20:38:10 +00:00
Code Issues Releases Wiki Activity

fix(legacy/firmware): improve pin length bound check

Browse Source
This commit is contained in:
Martin Milata 2021-12-03 17:19:20 +01:00
parent cace42c6e9
commit 1e5e970fd1
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
legacy/firmware/config.c
View File

@ -318,8 +318,10 @@ static secbool config_upgrade_v10(void) {
storage_init(NULL, HW_ENTROPY_DATA, HW_ENTROPY_LEN); storage_init(NULL, HW_ENTROPY_DATA, HW_ENTROPY_LEN);
storage_unlock(PIN_EMPTY, PIN_EMPTY_LEN, NULL); storage_unlock(PIN_EMPTY, PIN_EMPTY_LEN, NULL);
if (config.has_pin) { if (config.has_pin) {
size_t pin_len =
MIN(strnlen(config.pin, sizeof(config.pin)), (size_t)MAX_PIN_LEN);
storage_change_pin(PIN_EMPTY, PIN_EMPTY_LEN, (const uint8_t *)config.pin, storage_change_pin(PIN_EMPTY, PIN_EMPTY_LEN, (const uint8_t *)config.pin,
strnlen(config.pin, MAX_PIN_LEN), NULL, NULL); pin_len, NULL, NULL);
} }
while (pin_wait != 0) { while (pin_wait != 0) {