From 1bc1bb1e774e210c9d43c9c60ea1dbab272e47d6 Mon Sep 17 00:00:00 2001 From: Jochen Hoenicke Date: Tue, 20 Feb 2018 15:27:24 +0100 Subject: [PATCH] Less paranoid change outputs. - Allow change to be on the main chain (see spesmilo/electrum#3920). - Allow more than one output to the Trezor, but don't treat it as change. --- firmware/signing.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/firmware/signing.c b/firmware/signing.c index c449759..3c70034 100644 --- a/firmware/signing.c +++ b/firmware/signing.c @@ -389,7 +389,7 @@ bool check_change_bip32_path(const TxOutputType *toutput) && count == in_address_n_count && 0 == memcmp(in_address_n, toutput->address_n, (count - BIP32_WALLET_DEPTH) * sizeof(uint32_t)) - && toutput->address_n[count - 2] == BIP32_CHANGE_CHAIN + && toutput->address_n[count - 2] <= BIP32_CHANGE_CHAIN && toutput->address_n[count - 1] <= BIP32_MAX_LAST_ELEMENT); } @@ -565,9 +565,8 @@ static bool signing_check_output(TxOutputType *txoutput) { if (change_spend == 0) { // not set change_spend = txoutput->amount; } else { - fsm_sendFailure(FailureType_Failure_DataError, _("Only one change output allowed")); - signing_abort(); - return false; + /* We only skip confirmation for the first change output */ + is_change = false; } }