feat(legacy): Ensure input's script type and path match the scriptPubKey.

legacy/firmware/.changelog.d/1018.changed

@@ -0,0 +1 @@
+Ensure input's script type and path match the scriptPubKey.

legacy/firmware/.changelog.d/1018.incompatible

@@ -0,0 +1 @@
+Trezor will refuse to sign UTXOs that do not match the provided derivation path (e.g., transactions belonging to a different wallet, or synthetic transaction inputs).

legacy/firmware/signing.c

@@ -2527,6 +2527,13 @@ void signing_txack(TransactionType *tx) {
 
       memcpy(&input, tx->inputs, sizeof(TxInputType));
 
+      if (!fill_input_script_pubkey(coin, &root, &input)) {
+        fsm_sendFailure(FailureType_Failure_ProcessError,
+                        _("Failed to derive scriptPubKey"));
+        signing_abort();
+        return;
+      }
+
       send_req_3_prev_meta();
       return;
     case STAGE_REQUEST_3_PREV_META:
@@ -2651,6 +2658,15 @@ void signing_txack(TransactionType *tx) {
           signing_abort();
           return;
         }
+        if (input.script_pubkey.size != tx->bin_outputs[0].script_pubkey.size ||
+            memcmp(input.script_pubkey.bytes,
+                   tx->bin_outputs[0].script_pubkey.bytes,
+                   input.script_pubkey.size) != 0) {
+          fsm_sendFailure(FailureType_Failure_DataError,
+                          _("Input does not match scriptPubKey"));
+          signing_abort();
+          return;
+        }
 #if !BITCOIN_ONLY
         if (coin->decred && tx->bin_outputs[0].decred_script_version > 0) {
           fsm_sendFailure(FailureType_Failure_DataError,