diff --git a/core/CHANGELOG.md b/core/CHANGELOG.md index 6f70ceca2..4cb02e008 100644 --- a/core/CHANGELOG.md +++ b/core/CHANGELOG.md @@ -13,6 +13,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ### Changed - Bump nanopb dependency to 0.4.4. [#1402] - Automatic breaking text on whitespace. [#1384] +- Introduced limit of 32 characters for device label. [#1399] ### Deprecated @@ -357,4 +358,5 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). [#1351]: https://github.com/trezor/trezor-firmware/issues/1351 [#1363]: https://github.com/trezor/trezor-firmware/pull/1363 [#1384]: https://github.com/trezor/trezor-firmware/issues/1384 +[#1399]: https://github.com/trezor/trezor-firmware/issues/1399 [#1402]: https://github.com/trezor/trezor-firmware/pull/1402 diff --git a/core/src/apps/management/apply_settings.py b/core/src/apps/management/apply_settings.py index 015094e42..dc5b5a006 100644 --- a/core/src/apps/management/apply_settings.py +++ b/core/src/apps/management/apply_settings.py @@ -58,6 +58,8 @@ async def apply_settings(ctx: wire.Context, msg: ApplySettings): raise wire.DataError("Invalid homescreen") if msg.label is not None: + if len(msg.label) > storage.device.LABEL_MAXLENGTH: + raise wire.DataError("Label too long") await require_confirm_change_label(ctx, msg.label) storage.device.set_label(msg.label) diff --git a/core/src/storage/device.py b/core/src/storage/device.py index bf53e0f85..55e7faf61 100644 --- a/core/src/storage/device.py +++ b/core/src/storage/device.py @@ -48,6 +48,7 @@ if False: # fmt: on HOMESCREEN_MAXSIZE = 16384 +LABEL_MAXLENGTH = 32 if __debug__: AUTOLOCK_DELAY_MINIMUM = 10 * 1000 # 10 seconds @@ -111,6 +112,8 @@ def get_label() -> Optional[str]: def set_label(label: str) -> None: + if len(label) > LABEL_MAXLENGTH: + raise ValueError # label too long common.set(_NAMESPACE, _LABEL, label.encode(), True) # public diff --git a/tests/device_tests/test_msg_applysettings.py b/tests/device_tests/test_msg_applysettings.py index 3b5566afa..06c908822 100644 --- a/tests/device_tests/test_msg_applysettings.py +++ b/tests/device_tests/test_msg_applysettings.py @@ -257,3 +257,9 @@ class TestMsgApplysettings: with pytest.raises(exceptions.TrezorFailure, match="DataError"), client: client.set_expected_responses([messages.Failure]) experimental_call() + + @pytest.mark.setup_client(pin=None) + def test_label_too_long(self, client): + with pytest.raises(exceptions.TrezorFailure), client: + client.set_expected_responses([messages.Failure]) + device.apply_settings(client, label="A" * 33) diff --git a/tests/ui_tests/fixtures.json b/tests/ui_tests/fixtures.json index 678c78c2a..041118fe0 100644 --- a/tests/ui_tests/fixtures.json +++ b/tests/ui_tests/fixtures.json @@ -81,6 +81,7 @@ "test_msg_applysettings.py-test_apply_settings_passphrase_on_device": "3e6527e227bdde54f51bc9c417b176d0d87fdb6c40c4761368f50eb201b4beed", "test_msg_applysettings.py-test_apply_settings_rotation": "6f0fa323dd2c82d01994273c023d3ed5e43d43c9c562664a10266f4a7f7ba4cc", "test_msg_applysettings.py-test_experimental_features": "3127d41bd8615097295b917110ece9dd364986809288c7f958ff71d52106e346", +"test_msg_applysettings.py-test_label_too_long": "5a80508a71a9ef64f94762b07636f90e464832f0f4a3102af8fa1a8c69e94586", "test_msg_applysettings.py-test_safety_checks": "4d37de3654678b7f16643cf4ef912a0bced545e0e0526e41ea0c9b820560344e", "test_msg_authorize_coinjoin.py::test_cancel_authorization": "d8a608beb6165f5667cc44dcff6bdc17ebb4638ddd3bd09e7f0e1e75d1e21135", "test_msg_authorize_coinjoin.py::test_no_anonymity": "fd09da284b650e893990b95047b63a35b6b695fc5301d595f17a6d2cf9d90bcb",