mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
Revert "ruby 1.9 friendly secure_compare" because it breaks CI and Sam Ruby's suite
This reverts commit 5de75398c4
.
This commit is contained in:
parent
7152a4e9a6
commit
a8a336cbfc
1 changed files with 9 additions and 6 deletions
|
@ -38,21 +38,24 @@ module ActiveSupport
|
|||
end
|
||||
|
||||
private
|
||||
if "foo".respond_to?(:bytesize)
|
||||
if "foo".respond_to?(:force_encoding)
|
||||
# constant-time comparison algorithm to prevent timing attacks
|
||||
# > 1.8.6 friendly version
|
||||
def secure_compare(a, b)
|
||||
if a.bytesize == b.bytesize
|
||||
a = a.force_encoding(Encoding::BINARY)
|
||||
b = b.force_encoding(Encoding::BINARY)
|
||||
|
||||
if a.length == b.length
|
||||
result = 0
|
||||
j = b.each_byte
|
||||
a.each_byte { |i| result |= i ^ j.next }
|
||||
for i in 0..(a.length - 1)
|
||||
result |= a[i].ord ^ b[i].ord
|
||||
end
|
||||
result == 0
|
||||
else
|
||||
false
|
||||
end
|
||||
end
|
||||
else
|
||||
# For <= 1.8.6
|
||||
# For 1.8
|
||||
def secure_compare(a, b)
|
||||
if a.length == b.length
|
||||
result = 0
|
||||
|
|
Loading…
Reference in a new issue