From 87ffd21543ba4df1e8b52e25e32f5e1cecff35f7 Mon Sep 17 00:00:00 2001
From: fastchain <at@symbiosis.finance>
Date: Thu, 13 Jun 2024 16:09:54 +0900
Subject: [PATCH] Update cmd_extras.c

This security fix ensures that the extra settings, cannot be silently disabled, if button control enabled. So the button control setting cannot be silently (without button push) disabled, even if the user's PC is fully compromised.
---
 src/hsm/cmd_extras.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/hsm/cmd_extras.c b/src/hsm/cmd_extras.c
index e0f26ba..d484b17 100644
--- a/src/hsm/cmd_extras.c
+++ b/src/hsm/cmd_extras.c
@@ -28,6 +28,10 @@
 #include "mbedtls/chachapoly.h"
 
 int cmd_extras() {
+    //check button (if enabled)
+    if (wait_button_pressed() == true) { 
+                return SW_SECURE_MESSAGE_EXEC_ERROR();
+        }
     if (P1(apdu) == 0xA) { //datetime operations
         if (P2(apdu) != 0x0) {
             return SW_INCORRECT_P1P2();