From 69aa5e8a86b1d33e057076dc6049e37c92b0e50f Mon Sep 17 00:00:00 2001
From: Pratik Naik <pratiknaik@gmail.com>
Date: Fri, 9 Oct 2009 02:26:08 +0100
Subject: Ensure MessageVerifier raises appropriate exception on tampered data

---
 activesupport/lib/active_support/message_verifier.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'activesupport/lib/active_support')

diff --git a/activesupport/lib/active_support/message_verifier.rb b/activesupport/lib/active_support/message_verifier.rb
index fcdc09ff08..282346b1a6 100644
--- a/activesupport/lib/active_support/message_verifier.rb
+++ b/activesupport/lib/active_support/message_verifier.rb
@@ -29,7 +29,7 @@ module ActiveSupport
       raise InvalidSignature if signed_message.blank?
 
       data, digest = signed_message.split("--")
-      if secure_compare(digest, generate_digest(data))
+      if data.present? && digest.present? && secure_compare(digest, generate_digest(data))
         Marshal.load(ActiveSupport::Base64.decode64(data))
       else
         raise InvalidSignature
-- 
cgit v1.2.3