authorYehuda Katz <wycats@gmail.com>2009-09-12 14:35:03 -0500
committerYehuda Katz <wycats@gmail.com>2009-09-12 14:35:03 -0500
commita8a336cbfc55f91dc8befaad2425ff42085a1a4f (patch)
tree91e792c27741d5a077a925fb49cc024bac2f66b2
parent7152a4e9a654ccd0b9fefdcf34dc6aac655a727a (diff)
Revert "ruby 1.9 friendly secure_compare" because it breaks CI and Sam Ruby's suite
This reverts commit 5de75398c495f109772b622291362a98bc6c21d1.
-rw-r--r--activesupport/lib/active_support/message_verifier.rb15
1 files changed, 9 insertions, 6 deletions
diff --git a/activesupport/lib/active_support/message_verifier.rb b/activesupport/lib/active_support/message_verifier.rb
index 5596784eff..8d14423d91 100644
--- a/activesupport/lib/active_support/message_verifier.rb
+++ b/activesupport/lib/active_support/message_verifier.rb
@@ -38,21 +38,24 @@ module ActiveSupport
end
private
- if "foo".respond_to?(:bytesize)
+ if "foo".respond_to?(:force_encoding)
# constant-time comparison algorithm to prevent timing attacks
- # > 1.8.6 friendly version
def secure_compare(a, b)
- if a.bytesize == b.bytesize
+ a = a.force_encoding(Encoding::BINARY)
+ b = b.force_encoding(Encoding::BINARY)
+
+ if a.length == b.length
result = 0
- j = b.each_byte
- a.each_byte { |i| result |= i ^ j.next }
+ for i in 0..(a.length - 1)
+ result |= a[i].ord ^ b[i].ord
+ end
result == 0
else
false
end
end
else
- # For <= 1.8.6
+ # For 1.8
def secure_compare(a, b)
if a.length == b.length
result = 0
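Review bot: The two `force_encoding` calls at the top of the 1.9 `secure_compare` re-tag the caller's own strings in place, because `String#force_encoding` mutates its receiver and returns it. Both arguments therefore leave the method marked as binary, and a frozen argument would raise. Working on copies avoids both: `a = a.dup.force_encoding(Encoding::BINARY)`, and the same for `b`. The comment above the method could also state the limit of the guarantee, for example `# returns early on a length mismatch, so only equal-length inputs are compared in constant time`; that is acceptable only while the expected digest length is not secret. The 1.8 branch of `secure_compare` continues past the end of the hunk and is not reviewed here.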