From 9212138ad0a9ae3285a2566300afb7d94344214a Mon Sep 17 00:00:00 2001
From: Jeffrey Hardy
Date: Mon, 5 Oct 2009 08:27:54 -0400
Subject: MessageVerifier#verify raises InvalidSignature if the signature is blank
Signed-off-by: Jeremy Kemper
---
 activesupport/lib/active_support/message_verifier.rb | 2 ++
 activesupport/test/message_verifier_test.rb | 5 +++++
 2 files changed, 7 insertions(+)
(limited to 'activesupport')
diff --git a/activesupport/lib/active_support/message_verifier.rb b/activesupport/lib/active_support/message_verifier.rb
index 74e080a23d..fcdc09ff08 100644
--- a/activesupport/lib/active_support/message_verifier.rb
+++ b/activesupport/lib/active_support/message_verifier.rb
@@ -26,6 +26,8 @@ module ActiveSupport
 end
 def verify(signed_message)
+ raise InvalidSignature if signed_message.blank?
+
 data, digest = signed_message.split("--")
 if secure_compare(digest, generate_digest(data))
 Marshal.load(ActiveSupport::Base64.decode64(data))
diff --git a/activesupport/test/message_verifier_test.rb b/activesupport/test/message_verifier_test.rb
index 4f8837ba4e..e6370bc3db 100644
--- a/activesupport/test/message_verifier_test.rb
+++ b/activesupport/test/message_verifier_test.rb
@@ -18,6 +18,11 @@ class MessageVerifierTest < Test::Unit::TestCase
 assert_equal @data, @verifier.verify(message)
 end
+ def test_missing_signature_raises
+ assert_not_verified(nil)
+ assert_not_verified("")
+ end
+
 def test_tampered_data_raises
 data, hash = @verifier.generate(@data).split("--")
 assert_not_verified("#{data.reverse}--#{hash}")
--
cgit v1.2.3
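Review bot: The new guard at the top of `verify` rejects only nil and empty input, so a non-blank message with no `--` separator still leaves `digest` nil after the split and passes it to `secure_compare`. That method's body is not visible in this hunk, so how it handles nil is unconfirmed; it may raise something other than InvalidSignature, which callers rescuing InvalidSignature would not catch. Adding `raise InvalidSignature if digest.blank?` directly after the `split` line would make every malformed input fail the same way before the comparison, which is the only gate in front of `Marshal.load`. `test_missing_signature_raises` in the second hunk covers nil and "" only and should gain a case for a message without a separator, using the existing `assert_not_verified` helper. The body of `verify` continues past the end of the hunk.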