feat(core): introduce and enforce limit on label length (fixes #1399)

core/CHANGELOG.md

@@ -13,6 +13,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 ### Changed
 - Bump nanopb dependency to 0.4.4.  [#1402]
 - Automatic breaking text on whitespace.  [#1384]
+- Introduced limit of 32 characters for device label.  [#1399]
 
 ### Deprecated
 
@@ -357,4 +358,5 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 [#1351]: https://github.com/trezor/trezor-firmware/issues/1351
 [#1363]: https://github.com/trezor/trezor-firmware/pull/1363
 [#1384]: https://github.com/trezor/trezor-firmware/issues/1384
+[#1399]: https://github.com/trezor/trezor-firmware/issues/1399
 [#1402]: https://github.com/trezor/trezor-firmware/pull/1402

core/src/apps/management/apply_settings.py

@@ -58,6 +58,8 @@ async def apply_settings(ctx: wire.Context, msg: ApplySettings):
             raise wire.DataError("Invalid homescreen")
 
     if msg.label is not None:
+        if len(msg.label) > storage.device.LABEL_MAXLENGTH:
+            raise wire.DataError("Label too long")
         await require_confirm_change_label(ctx, msg.label)
         storage.device.set_label(msg.label)
 

core/src/storage/device.py

@@ -48,6 +48,7 @@ if False:
 # fmt: on
 
 HOMESCREEN_MAXSIZE = 16384
+LABEL_MAXLENGTH = 32
 
 if __debug__:
     AUTOLOCK_DELAY_MINIMUM = 10 * 1000  # 10 seconds
@@ -111,6 +112,8 @@ def get_label() -> Optional[str]:
 
 
 def set_label(label: str) -> None:
+    if len(label) > LABEL_MAXLENGTH:
+        raise ValueError  # label too long
     common.set(_NAMESPACE, _LABEL, label.encode(), True)  # public
 
 

tests/device_tests/test_msg_applysettings.py

@@ -257,3 +257,9 @@ class TestMsgApplysettings:
         with pytest.raises(exceptions.TrezorFailure, match="DataError"), client:
             client.set_expected_responses([messages.Failure])
             experimental_call()
+
+    @pytest.mark.setup_client(pin=None)
+    def test_label_too_long(self, client):
+        with pytest.raises(exceptions.TrezorFailure), client:
+            client.set_expected_responses([messages.Failure])
+            device.apply_settings(client, label="A" * 33)

tests/ui_tests/fixtures.json

@@ -81,6 +81,7 @@
 "test_msg_applysettings.py-test_apply_settings_passphrase_on_device": "3e6527e227bdde54f51bc9c417b176d0d87fdb6c40c4761368f50eb201b4beed",
 "test_msg_applysettings.py-test_apply_settings_rotation": "6f0fa323dd2c82d01994273c023d3ed5e43d43c9c562664a10266f4a7f7ba4cc",
 "test_msg_applysettings.py-test_experimental_features": "3127d41bd8615097295b917110ece9dd364986809288c7f958ff71d52106e346",
+"test_msg_applysettings.py-test_label_too_long": "5a80508a71a9ef64f94762b07636f90e464832f0f4a3102af8fa1a8c69e94586",
 "test_msg_applysettings.py-test_safety_checks": "4d37de3654678b7f16643cf4ef912a0bced545e0e0526e41ea0c9b820560344e",
 "test_msg_authorize_coinjoin.py::test_cancel_authorization": "d8a608beb6165f5667cc44dcff6bdc17ebb4638ddd3bd09e7f0e1e75d1e21135",
 "test_msg_authorize_coinjoin.py::test_no_anonymity": "fd09da284b650e893990b95047b63a35b6b695fc5301d595f17a6d2cf9d90bcb",