feat(legacy): Validate script type of change-outputs in Bitcoin signing.

2 years ago · 8486aa4ed4
parent 423ce75b4f
commit 8486aa4ed4
3 changed files with 28 additions and 5 deletions
--- a/legacy/firmware/.changelog.d/noissue.security
+++ b/legacy/firmware/.changelog.d/noissue.security
@ -0,0 +1 @@
+Match and validate script type of change-outputs in Bitcoin signing.
--- a/legacy/firmware/signing.c
+++ b/legacy/firmware/signing.c
@ -2127,7 +2127,12 @@ static bool is_change_output(const TxInfo *tx_info,
  }

  /*
-   * For multisig check that all inputs are multisig
+   * Check the multisig fingerprint only for multisig outputs. This means that
+   * a transfer from a multisig account to a singlesig account is treated as a
+   * change-output as long as all other change-output conditions are satisfied.
+   * This goes a bit against the concept of a multisig account, but the other
+   * cosigners will notice that they are relinquishing control of the funds, so
+   * there is no security risk.
   */
  if (txoutput->has_multisig && !check_change_multisig_fp(tx_info, txoutput)) {
    return false;
@ -2184,6 +2189,23 @@ static bool signing_add_output(TxOutputType *txoutput) {
    }
  }

+  // If address_n is specified, then check that the script type matches.
+  if (txoutput->address_n_count != 0) {
+    InputScriptType script_type = 0;
+    if (!change_output_to_input_script_type(txoutput->script_type,
+                                            &script_type)) {
+      fsm_sendFailure(FailureType_Failure_DataError,
+                      _("Unsupported script type."));
+      signing_abort();
+      return false;
+    }
+
+    if (!validate_path(script_type, txoutput->address_n_count,
+                       txoutput->address_n, txoutput->has_multisig)) {
+      return false;
+    }
+  }
+
  // Skip confirmation of change-outputs and skip output confirmation altogether
  // in replacement transactions.
  bool skip_confirm = is_change || is_replacement || (is_coinjoin == sectrue);
--- a/tests/ui_tests/fixtures.json
+++ b/tests/ui_tests/fixtures.json
@ -162,8 +162,8 @@
 "T1_bitcoin-test_multisig.py::test_attack_change_input": "d8731108a403d5853de526b27e506d00909603ec0c89d1c20f917ca2ef012ab3",
 "T1_bitcoin-test_multisig.py::test_missing_pubkey": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
 "T1_bitcoin-test_multisig_change.py::test_external_external": "e4a9c75e35046d5605d3663717ec025e7c7919ce757cdd9df66eba3bd7790d1d",
-"T1_bitcoin-test_multisig_change.py::test_external_internal": "9df8e8259d7b1dab24f0500aa2d39c89fca8f5d034a033e09d44f138971c6bae",
-"T1_bitcoin-test_multisig_change.py::test_internal_external": "97f523da0eee9d16b01d39800b283fce265979ce6906798d948a3cf5f850bb90",
+"T1_bitcoin-test_multisig_change.py::test_external_internal": "c3cc02dc9d002d8f392887248348fce3322f0fea2860d755a08fe5d9f7b21ffc",
+"T1_bitcoin-test_multisig_change.py::test_internal_external": "7a3a1e10b1b14561e2afb63650c1a6273e05232e90bfba15fd0f1bdb131c7d51",
 "T1_bitcoin-test_multisig_change.py::test_multisig_change_match_first": "602f0669af9084a07900170c00699512d1cd4646aba7ddcebf6af05e36eb224b",
 "T1_bitcoin-test_multisig_change.py::test_multisig_change_match_second": "ee110f116e966f842ffc174e3ab55e951aec31b1f0433fc697c9d7aaed3d7060",
 "T1_bitcoin-test_multisig_change.py::test_multisig_external_external": "0c398595da3162afee0f4734a155c0cf8d96b830350b58670b47aba40659e3cc",
@ -324,8 +324,8 @@
 "T1_bitcoin-test_signtx_segwit_native.py::test_send_both": "6634ded2c8af78bba59dd7ff2206d15b47f8637471e5b27f47b96df122239509",
 "T1_bitcoin-test_signtx_segwit_native.py::test_send_multisig_1": "b546ea334d8cbf87ea09f44b502a7cbb1be5a6db6180c6fd2046ee413e4ff4bb",
 "T1_bitcoin-test_signtx_segwit_native.py::test_send_multisig_2": "c5827829de525396d4f2e089f08a215a7cffd94883fa5a39fc55fc3f88a81e28",
-"T1_bitcoin-test_signtx_segwit_native.py::test_send_multisig_3_change": "e7a23d38028295e8a4efa6cbf61da5c969125ecc505540e9ba53728494c557de",
-"T1_bitcoin-test_signtx_segwit_native.py::test_send_multisig_4_change": "e6511ebd8b45ea980d5bcffcaf3ea11a133ee4d1e00f2861db17060e37ffdbb2",
+"T1_bitcoin-test_signtx_segwit_native.py::test_send_multisig_3_change": "82b3602530533c35f4e2bdd2af5e6795e4bb75667efcccd13270292c3eb75669",
+"T1_bitcoin-test_signtx_segwit_native.py::test_send_multisig_4_change": "e147ba0984c8ee2d74ce76293315529db61dffd148cf83bf5b50eb0a95fc3e6d",
 "T1_bitcoin-test_signtx_segwit_native.py::test_send_native": "f2be7c23251127b50596f1a772a9eb933e0b1cef4c30afbc912930d1413f8694",
 "T1_bitcoin-test_signtx_segwit_native.py::test_send_native_change": "e84023fa44000c99018eb95e4fd29a423c140f44d3ac9918be0b2854baffc93c",
 "T1_bitcoin-test_signtx_segwit_native.py::test_send_p2sh": "a4177cc812c88b18a3bec937adb2d286107833dcb52096a1bb26652975f93276",
				`@ -0,0 +1 @@`
				`Match and validate script type of change-outputs in Bitcoin signing.`