kotovalexarian-likes-github/rails--rails
1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
Code Releases Activity

Revert "ruby 1.9 friendly secure_compare" because it breaks CI and Sam Ruby's suite

Browse source 
This reverts commit 5de75398c4.
This commit is contained in:
Yehuda Katz 2009-09-12 14:35:03 -05:00
parent 7152a4e9a6
commit a8a336cbfc
1 changed files with 9 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
activesupport/lib/active_support/message_verifier.rb
View file

@ -38,21 +38,24 @@ module ActiveSupport
end end
private private
if "foo".respond_to?(:bytesize) if "foo".respond_to?(:force_encoding)
# constant-time comparison algorithm to prevent timing attacks # constant-time comparison algorithm to prevent timing attacks
# > 1.8.6 friendly version
def secure_compare(a, b) def secure_compare(a, b)
if a.bytesize == b.bytesize a = a.force_encoding(Encoding::BINARY)
b = b.force_encoding(Encoding::BINARY)
if a.length == b.length
result = 0 result = 0
j = b.each_byte for i in 0..(a.length - 1)
a.each_byte { |i| result |= i ^ j.next } result |= a[i].ord ^ b[i].ord
end
result == 0 result == 0
else else
false false
end end
end end
else else
# For <= 1.8.6 # For 1.8
def secure_compare(a, b) def secure_compare(a, b)
if a.length == b.length if a.length == b.length
result = 0 result = 0