authorPratik Naik <pratiknaik@gmail.com>2009-10-09 02:26:08 +0100
committerPratik Naik <pratiknaik@gmail.com>2009-10-09 02:26:18 +0100
commit69aa5e8a86b1d33e057076dc6049e37c92b0e50f (patch)
treee7ce80a5aa90c9ac71060812f7454558671377bb
parent992c2db76cd6cd6aa9a6ba3711a6ea1ad8910062 (diff)
Ensure MessageVerifier raises appropriate exception on tampered data
-rw-r--r--activesupport/lib/active_support/message_verifier.rb2
-rw-r--r--activesupport/test/message_verifier_test.rb1
2 files changed, 2 insertions, 1 deletions
diff --git a/activesupport/lib/active_support/message_verifier.rb b/activesupport/lib/active_support/message_verifier.rb
index fcdc09ff08..282346b1a6 100644
--- a/activesupport/lib/active_support/message_verifier.rb
+++ b/activesupport/lib/active_support/message_verifier.rb
@@ -29,7 +29,7 @@ module ActiveSupport
raise InvalidSignature if signed_message.blank?
data, digest = signed_message.split("--")
- if secure_compare(digest, generate_digest(data))
+ if data.present? && digest.present? && secure_compare(digest, generate_digest(data))
Marshal.load(ActiveSupport::Base64.decode64(data))
else
raise InvalidSignature
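Review bot: The `Marshal.load` call on the success branch carries no comment saying that its safety rests entirely on the digest check in the condition above it, and this hunk is the natural place to document that. Whoever holds the verifier secret can have an arbitrary object graph deserialized, so I would add `# Marshal.load runs only on data whose digest verified; keep the secret strong and private, and never move this call ahead of the check.` above that line. Separately, `split("--")` assigns only the first two segments, so a message with a trailing `--extra` part appears to verify the same as the canonical one; rejecting anything that does not split into exactly two parts would be stricter. The method body starts and ends outside the hunk.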
diff --git a/activesupport/test/message_verifier_test.rb b/activesupport/test/message_verifier_test.rb
index e6370bc3db..ef300e4e26 100644
--- a/activesupport/test/message_verifier_test.rb
+++ b/activesupport/test/message_verifier_test.rb
@@ -27,6 +27,7 @@ class MessageVerifierTest < Test::Unit::TestCase
data, hash = @verifier.generate(@data).split("--")
assert_not_verified("#{data.reverse}--#{hash}")
assert_not_verified("#{data}--#{hash.reverse}")
+ assert_not_verified("purejunk")
end
def assert_not_verified(message)
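Review bot: The added assertion covers only the input with no `--` separator, while the new guard in `verify` also has branches for an empty data part and a missing digest part that stay untested. Adding `assert_not_verified("--#{hash}")` and `assert_not_verified("#{data}--")` next to the `"purejunk"` line would pin both of those branches to `InvalidSignature` as well. The test method begins outside the hunk, so its name and setup are not visible here.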