1 files changed, 7 insertions, 1 deletions

diff --git a/activesupport/lib/active_support/message_verifier.rb b/activesupport/lib/active_support/message_verifier.rb
index e0cd92ae3c..6cb2884fb7 100644
--- a/activesupport/lib/active_support/message_verifier.rb
+++ b/activesupport/lib/active_support/message_verifier.rb
@@ -27,6 +27,7 @@ module ActiveSupport
     class InvalidSignature < StandardError; end
 
     def initialize(secret, options = {})
+      raise ArgumentError, 'Secret should not be nil.' unless secret
       @secret = secret
       @digest = options[:digest] || 'SHA1'
       @serializer = options[:serializer] || Marshal
@@ -37,7 +38,12 @@ module ActiveSupport
 
       data, digest = signed_message.split("--")
       if data.present? && digest.present? && secure_compare(digest, generate_digest(data))
-        @serializer.load(::Base64.decode64(data))
+        begin
+          @serializer.load(::Base64.strict_decode64(data))
+        rescue ArgumentError => argument_error
+          raise InvalidSignature if argument_error.message =~ %r{invalid base64}
+          raise
+        end
       else
         raise InvalidSignature
       end