fix(legacy): Don't allow unknown paths in GetAddress.
parent
3e9f8a32ac
commit
9b0e980c44
1
legacy/firmware/.changelog.d/noissue.security
Normal file
1
legacy/firmware/.changelog.d/noissue.security
Normal file
@ -0,0 +1 @@
|
||||
Don't show addresses that have an unrecognized path.
|
@ -540,6 +540,14 @@ static bool check_cointype(const CoinInfo *coin, uint32_t slip44, bool full) {
|
||||
bool coin_known_path_check(const CoinInfo *coin, InputScriptType script_type,
|
||||
uint32_t address_n_count, const uint32_t *address_n,
|
||||
bool full) {
|
||||
// If full == true, this function checks that the path is a recognized path
|
||||
// for the given coin. Used by GetAddress to prevent ransom attacks where a
|
||||
// user could be coerced to use an address with an unenumerable path.
|
||||
// If full == false, this function checks that a coin without strong replay
|
||||
// protection doesn't access paths that are known to be used by another coin.
|
||||
// Used by SignTx to ensure that a user cannot be coerced into signing a
|
||||
// testnet transaction or a Litecoin transaction which in fact spends Bitcoin.
|
||||
|
||||
bool valid = true;
|
||||
// m/44' : BIP44 Legacy
|
||||
// m / purpose' / coin_type' / account' / change / address_index
|
||||
@ -740,6 +748,6 @@ bool coin_known_path_check(const CoinInfo *coin, InputScriptType script_type,
|
||||
return valid;
|
||||
}
|
||||
|
||||
// we don't check unknown paths
|
||||
return true;
|
||||
// we allow unknown paths when a full check is not required
|
||||
return !full;
|
||||
}
|
||||
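Review bot: The fall-through `return !full;` at the end of coin_known_path_check is now the fail-closed default that GetAddress relies on, yet the new header comment never says what the return value means or that a path matching no pattern is rejected only when `full` is true. I would add one line to that comment, e.g. `// Returns false when full == true and the path matches none of the patterns below.` The branches between the two hunks are not shown on this page, so it cannot be confirmed here that every earlier `return valid;` takes `full` into account; that is worth checking, because any branch that accepts a loosely matching path bypasses the new default. With `full == false` unknown paths are still accepted, so the SignTx protection described in the comment presumably depends entirely on those branches.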
|
@ -17,6 +17,7 @@
|
||||
import pytest
|
||||
|
||||
from trezorlib import btc, messages, tools
|
||||
from trezorlib.exceptions import TrezorFailure
|
||||
|
||||
VECTORS = ( # path, script_type, address
|
||||
(
|
||||
@ -51,6 +52,17 @@ def test_show(client, path, script_type, address):
|
||||
)
|
||||
|
||||
|
||||
def test_show_unrecognized_path(client):
|
||||
with pytest.raises(TrezorFailure):
|
||||
btc.get_address(
|
||||
client,
|
||||
"Bitcoin",
|
||||
tools.parse_path("m/24684621h/516582h/5156h/21/856"),
|
||||
script_type=messages.InputScriptType.SPENDWITNESS,
|
||||
show_display=True,
|
||||
)
|
||||
|
||||
|
||||
@pytest.mark.multisig
|
||||
def test_show_multisig_3(client):
|
||||
node = btc.get_public_node(
|
||||
|
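Review bot: `pytest.raises(TrezorFailure)` in test_show_unrecognized_path accepts any device failure, so the test would also pass if the call failed for an unrelated reason, such as a cancelled prompt or a different validation error, rather than because the path was rejected. Pin the expected failure, e.g. `with pytest.raises(TrezorFailure, match="<expected failure message>"):`, using the message the firmware actually returns for a rejected path. The test also exercises only `show_display=True` with a single script type. If the check is meant to apply regardless of display, a second case with `show_display=False` would document that; if it is not, a short comment saying so would help the next reader.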