mirror of https://github.com/trezor/trezor-firmware.git synced 2025-01-11 16:00:57 +00:00

client: properly sanitize and handle invalid inputs from UI functions

matejcik 2018-12-03 16:56:01 +01:00
parent 3362f66724
commit 84339ae1ff


@ -18,6 +18,8 @@ import logging
import sys
import warnings
from mnemonic import Mnemonic
from . import exceptions, messages, tools
if sys.version_info.major < 3:
@ -26,6 +28,7 @@ if sys.version_info.major < 3:
LOG = logging.getLogger(__name__)
VENDORS = ("bitcointrezor.com", "trezor.io")
MAX_PASSPHRASE_LENGTH = 50
DEPRECATION_ERROR = """
Incompatible Trezor library detected.
@ -109,6 +112,7 @@ class TrezorClient:
raise
if not pin.isdigit():
self.call_raw(messages.Cancel())
raise ValueError("Non-numeric PIN provided")
resp = self.call_raw(messages.PinMatrixAck(pin=pin))
@ -131,6 +135,11 @@ class TrezorClient:
self.call_raw(messages.Cancel())
raise
passphrase = Mnemonic.normalize_string(passphrase)
if len(passphrase) > MAX_PASSPHRASE_LENGTH:
self.call_raw(messages.Cancel())
raise ValueError("Passphrase too long")
resp = self.call_raw(messages.PassphraseAck(passphrase=passphrase))
if isinstance(resp, messages.PassphraseStateRequest):
self.state = resp.state
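Review bot: In the PIN hunk, `pin.isdigit()` is true for any Unicode digit character (superscripts, digits from other scripts), so a non-ASCII string returned by the UI callback still passes the check and reaches `PinMatrixAck`. An explicit allow-list keeps the input to characters the device can interpret, e.g. `if not pin or any(c not in "0123456789" for c in pin):`, with the same Cancel-then-raise body. In the passphrase hunk, `len(passphrase)` counts code points after normalization; if the device limit behind `MAX_PASSPHRASE_LENGTH` is measured in bytes, the comparison should use `len(passphrase.encode("utf-8"))` so that a non-ASCII passphrase cannot exceed it. Both checks sit in methods whose bodies start and end outside the hunks shown.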