diff options
| author | wycats <wycats@gmail.com> | 2010-07-13 16:13:37 -0700 |
|---|---|---|
| committer | wycats <wycats@gmail.com> | 2010-07-13 16:13:54 -0700 |
| commit | 16bae77c568e3e2607ebcfb16a24b9cf6f53df8f (patch) | |
| tree | 0c56534c88420b81cb42af8df80eb44671b3165d | |
| parent | 00f49c74e8354e393ed4ffd6bfa8beb657c8920d (diff) | |
| download | rails-16bae77c568e3e2607ebcfb16a24b9cf6f53df8f.tar.gz rails-16bae77c568e3e2607ebcfb16a24b9cf6f53df8f.tar.bz2 rails-16bae77c568e3e2607ebcfb16a24b9cf6f53df8f.zip | |
Revert "Improve performance of MessageVerifier while keeping it constant time"
This reverts commit 8b05c5207dd5757d55d0c384740db289e6bd5415.
| -rw-r--r-- | activesupport/lib/active_support/message_verifier.rb | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/activesupport/lib/active_support/message_verifier.rb b/activesupport/lib/active_support/message_verifier.rb index 1031662293..6c46b68eaf 100644 --- a/activesupport/lib/active_support/message_verifier.rb +++ b/activesupport/lib/active_support/message_verifier.rb @@ -47,11 +47,11 @@ module ActiveSupport def secure_compare(a, b) return false unless a.bytesize == b.bytesize - l = a.unpack "C*" + l = a.unpack "C#{a.bytesize}" - res = true - b.each_byte { |byte| res = (byte == l.shift) && res } - res + res = 0 + b.each_byte { |byte| res |= byte ^ l.shift } + res == 0 end def generate_digest(data) |