feat(core): introduce and enforce limit on label length (fixes #1399)

2024-11-22 07:28:10 +00:00 · 2021-01-04 12:46:45 +01:00 · 2021-01-04 12:46:45 +01:00 · fc4e15fe77
commit fc4e15fe77
parent 58708cd70e
5 changed files with 14 additions and 0 deletions
--- a/core/CHANGELOG.md
+++ b/core/CHANGELOG.md
@ -13,6 +13,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 ### Changed
 - Bump nanopb dependency to 0.4.4.  [#1402]
 - Automatic breaking text on whitespace.  [#1384]
+- Introduced limit of 32 characters for device label.  [#1399]

 ### Deprecated

@ -357,4 +358,5 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 [#1351]: https://github.com/trezor/trezor-firmware/issues/1351
 [#1363]: https://github.com/trezor/trezor-firmware/pull/1363
 [#1384]: https://github.com/trezor/trezor-firmware/issues/1384
+[#1399]: https://github.com/trezor/trezor-firmware/issues/1399
 [#1402]: https://github.com/trezor/trezor-firmware/pull/1402
--- a/core/src/apps/management/apply_settings.py
+++ b/core/src/apps/management/apply_settings.py
@ -58,6 +58,8 @@ async def apply_settings(ctx: wire.Context, msg: ApplySettings):
            raise wire.DataError("Invalid homescreen")

    if msg.label is not None:
+        if len(msg.label) > storage.device.LABEL_MAXLENGTH:
+            raise wire.DataError("Label too long")
        await require_confirm_change_label(ctx, msg.label)
        storage.device.set_label(msg.label)

--- a/core/src/storage/device.py
+++ b/core/src/storage/device.py
@ -48,6 +48,7 @@ if False:
 # fmt: on

 HOMESCREEN_MAXSIZE = 16384
+LABEL_MAXLENGTH = 32

 if __debug__:
    AUTOLOCK_DELAY_MINIMUM = 10 * 1000  # 10 seconds
@ -111,6 +112,8 @@ def get_label() -> Optional[str]:


 def set_label(label: str) -> None:
+    if len(label) > LABEL_MAXLENGTH:
+        raise ValueError  # label too long
    common.set(_NAMESPACE, _LABEL, label.encode(), True)  # public


--- a/tests/device_tests/test_msg_applysettings.py
+++ b/tests/device_tests/test_msg_applysettings.py
@ -257,3 +257,9 @@ class TestMsgApplysettings:
        with pytest.raises(exceptions.TrezorFailure, match="DataError"), client:
            client.set_expected_responses([messages.Failure])
            experimental_call()
+
+    @pytest.mark.setup_client(pin=None)
+    def test_label_too_long(self, client):
+        with pytest.raises(exceptions.TrezorFailure), client:
+            client.set_expected_responses([messages.Failure])
+            device.apply_settings(client, label="A" * 33)
--- a/tests/ui_tests/fixtures.json
+++ b/tests/ui_tests/fixtures.json
@ -81,6 +81,7 @@
 "test_msg_applysettings.py-test_apply_settings_passphrase_on_device": "3e6527e227bdde54f51bc9c417b176d0d87fdb6c40c4761368f50eb201b4beed",
 "test_msg_applysettings.py-test_apply_settings_rotation": "6f0fa323dd2c82d01994273c023d3ed5e43d43c9c562664a10266f4a7f7ba4cc",
 "test_msg_applysettings.py-test_experimental_features": "3127d41bd8615097295b917110ece9dd364986809288c7f958ff71d52106e346",
+"test_msg_applysettings.py-test_label_too_long": "5a80508a71a9ef64f94762b07636f90e464832f0f4a3102af8fa1a8c69e94586",
 "test_msg_applysettings.py-test_safety_checks": "4d37de3654678b7f16643cf4ef912a0bced545e0e0526e41ea0c9b820560344e",
 "test_msg_authorize_coinjoin.py::test_cancel_authorization": "d8a608beb6165f5667cc44dcff6bdc17ebb4638ddd3bd09e7f0e1e75d1e21135",
 "test_msg_authorize_coinjoin.py::test_no_anonymity": "fd09da284b650e893990b95047b63a35b6b695fc5301d595f17a6d2cf9d90bcb",