From 38134732dc3d74d6d96494a1e9828eeed4c00ba0 Mon Sep 17 00:00:00 2001
From: Andrew Kozlik <andrew.kozlik@gmail.com>
Date: Fri, 19 Nov 2021 00:37:39 +0100
Subject: [PATCH] fix(legacy): Ensure user is warned about non-standard paths.

---
 legacy/firmware/.changelog.d/noissue.security | 1 +
 legacy/firmware/signing.c                     | 8 ++++++++
 2 files changed, 9 insertions(+)
 create mode 100644 legacy/firmware/.changelog.d/noissue.security

diff --git a/legacy/firmware/.changelog.d/noissue.security b/legacy/firmware/.changelog.d/noissue.security
new file mode 100644
index 000000000..dc6ae541f
--- /dev/null
+++ b/legacy/firmware/.changelog.d/noissue.security
@@ -0,0 +1 @@
+Ensure that the user is always warned about non-standard paths.
diff --git a/legacy/firmware/signing.c b/legacy/firmware/signing.c
index 7d1e37f84..4071b1914 100644
--- a/legacy/firmware/signing.c
+++ b/legacy/firmware/signing.c
@@ -702,6 +702,14 @@ static bool derive_node(TxInputType *tinput) {
   if (!coin_path_check(coin, tinput->script_type, tinput->address_n_count,
                        tinput->address_n, tinput->has_multisig,
                        CoinPathCheckLevel_BASIC)) {
+    if (is_replacement) {
+      fsm_sendFailure(
+          FailureType_Failure_ProcessError,
+          _("Non-standard paths not allowed in replacement transactions."));
+      layoutHome();
+      return false;
+    }
+
     if (config_getSafetyCheckLevel() == SafetyCheckLevel_Strict) {
       fsm_sendFailure(FailureType_Failure_DataError, _("Forbidden key path"));
       signing_abort();