trezor: limit passphrase length

6 years ago · 54ce6f2cec
parent a1047ba7b1
commit 54ce6f2cec
1 changed files with 5 additions and 0 deletions
--- a/libagent/device/trezor.py
+++ b/libagent/device/trezor.py
@ -90,6 +90,11 @@ class Trezor(interface.Device):
                    passphrase = mnemonic.Mnemonic.normalize_string(passphrase)
                    ack = self._defs.PassphraseAck(passphrase=passphrase)

+                length = len(ack.passphrase)
+                if length > 50:
+                    msg = 'Too long passphrase ({} chars)'.format(length)
+                    raise ValueError(msg)
+
                self.__class__.cached_passphrase_ack = ack
                return ack
            except:  # noqa