From a4e1e5d6329f31cb5a1ee7561fdf05dd5559ef7c Mon Sep 17 00:00:00 2001 From: Vipul A M Date: Wed, 15 May 2013 19:41:04 +0530 Subject: Use `Base.strict_decode64` instead of `Base.decode64` just as we do in encoding; Also reduce extra object allocation by creating string directly instead of join on Array --- activesupport/lib/active_support/message_verifier.rb | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'activesupport/lib/active_support/message_verifier.rb') diff --git a/activesupport/lib/active_support/message_verifier.rb b/activesupport/lib/active_support/message_verifier.rb index e0cd92ae3c..a35d5980fe 100644 --- a/activesupport/lib/active_support/message_verifier.rb +++ b/activesupport/lib/active_support/message_verifier.rb @@ -37,7 +37,11 @@ module ActiveSupport data, digest = signed_message.split("--") if data.present? && digest.present? && secure_compare(digest, generate_digest(data)) - @serializer.load(::Base64.decode64(data)) + begin + @serializer.load(::Base64.strict_decode64(data)) + rescue ArgumentError + raise InvalidSignature + end else raise InvalidSignature end -- cgit v1.2.3 From 1f80e8d6856837dd78a4af756e1b26cf06b17fc2 Mon Sep 17 00:00:00 2001 From: Vipul A M Date: Sun, 8 Dec 2013 00:26:09 +0530 Subject: PR #10635 introduces rescue from ArgumentError thrown by `Base64.strict_decode64`. This broke natural order of things for `StaleSessionCheck#stale_session_check!` which tried auto_loading a class based on `ArgumentError` message , and later retrying the `Marshal#load` of class, successfully allowing auto_loading. This PR tries to fix this behavior by forwarding `ArgumentError` 's not raised by `Base64.strict_decode64` , as is, ahead to `StaleSessionCheck#stale_session_check!` --- activesupport/lib/active_support/message_verifier.rb | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'activesupport/lib/active_support/message_verifier.rb') diff --git a/activesupport/lib/active_support/message_verifier.rb b/activesupport/lib/active_support/message_verifier.rb index a35d5980fe..8e6e1dcfeb 100644 --- a/activesupport/lib/active_support/message_verifier.rb +++ b/activesupport/lib/active_support/message_verifier.rb @@ -39,8 +39,9 @@ module ActiveSupport if data.present? && digest.present? && secure_compare(digest, generate_digest(data)) begin @serializer.load(::Base64.strict_decode64(data)) - rescue ArgumentError - raise InvalidSignature + rescue ArgumentError => argument_error + raise InvalidSignature if argument_error.message =~ %r{invalid base64} + raise end else raise InvalidSignature -- cgit v1.2.3