From b22c951e7adabe8d37ee2804487c267d5e2006b1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Ku=C5=BAma?= <qoobaa@gmail.com>
Date: Fri, 11 Sep 2009 09:13:14 +0200
Subject: ruby 1.9 friendly secure_compare

Signed-off-by: Michael Koziarski <michael@koziarski.com>
---
 activesupport/lib/active_support/message_verifier.rb | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)

(limited to 'activesupport/lib/active_support/message_verifier.rb')

diff --git a/activesupport/lib/active_support/message_verifier.rb b/activesupport/lib/active_support/message_verifier.rb
index 8d14423d91..5596784eff 100644
--- a/activesupport/lib/active_support/message_verifier.rb
+++ b/activesupport/lib/active_support/message_verifier.rb
@@ -38,24 +38,21 @@ module ActiveSupport
     end
     
     private
-      if "foo".respond_to?(:force_encoding)
+      if "foo".respond_to?(:bytesize)
         # constant-time comparison algorithm to prevent timing attacks
+        # > 1.8.6 friendly version
         def secure_compare(a, b)
-          a = a.force_encoding(Encoding::BINARY)
-          b = b.force_encoding(Encoding::BINARY)
-
-          if a.length == b.length
+          if a.bytesize == b.bytesize
             result = 0
-            for i in 0..(a.length - 1)
-              result |= a[i].ord ^ b[i].ord
-            end
+            j = b.each_byte
+            a.each_byte { |i| result |= i ^ j.next }
             result == 0
           else
             false
           end
         end
       else
-        # For 1.8
+        # For <= 1.8.6
         def secure_compare(a, b)
           if a.length == b.length
             result = 0
-- 
cgit v1.2.3