From aeab739bd56c0bff6d1b5685eee35e557484ab4c Mon Sep 17 00:00:00 2001
From: Jeremy Kemper
Date: Tue, 8 Sep 2009 14:05:33 +0900
Subject: Ruby 1.9: fix MessageVerifier#secure_compare

---
 .../lib/active_support/message_verifier.rb | 36 ++++++++++++++++------
 1 file changed, 27 insertions(+), 9 deletions(-)

(limited to 'activesupport')

diff --git a/activesupport/lib/active_support/message_verifier.rb b/activesupport/lib/active_support/message_verifier.rb
index aae5a3416d..8d14423d91 100644
--- a/activesupport/lib/active_support/message_verifier.rb
+++ b/activesupport/lib/active_support/message_verifier.rb
@@ -38,16 +38,34 @@ module ActiveSupport
     end
 
     private
-      # constant-time comparison algorithm to prevent timing attacks
-      def secure_compare(a, b)
-        if a.length == b.length
-          result = 0
-          for i in 0..(a.length - 1)
-            result |= a[i] ^ b[i]
+      if "foo".respond_to?(:force_encoding)
+        # constant-time comparison algorithm to prevent timing attacks
+        def secure_compare(a, b)
+          a = a.force_encoding(Encoding::BINARY)
+          b = b.force_encoding(Encoding::BINARY)
+
+          if a.length == b.length
+            result = 0
+            for i in 0..(a.length - 1)
+              result |= a[i].ord ^ b[i].ord
+            end
+            result == 0
+          else
+            false
+          end
+        end
+      else
+        # For 1.8
+        def secure_compare(a, b)
+          if a.length == b.length
+            result = 0
+            for i in 0..(a.length - 1)
+              result |= a[i] ^ b[i]
+            end
+            result == 0
+          else
+            false
           end
-        result == 0
-        else
-          false
         end
       end
-- 
cgit v1.2.3
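Review bot: `String#force_encoding` is destructive, so `a = a.force_encoding(Encoding::BINARY)` and the matching `b =` line in the 1.9 branch re-tag the caller's own strings rather than local copies, and they raise if either argument is frozen; `a = a.dup.force_encoding(Encoding::BINARY)` and `b = b.dup.force_encoding(Encoding::BINARY)` keep the comparison free of side effects on its inputs. The 1.8/1.9 split could be avoided altogether, since `a.unpack("C*")` yields byte integers on both versions, so a single body `a.unpack("C*").zip(b.unpack("C*")) { |x, y| result |= x ^ y }` would replace the `for` loop and the per-character `String#[]`/`ord` allocations. The `a.length == b.length` early `false`, carried over from the old code, still returns before any byte work when lengths differ, so the guarantee is narrower than the comment states; I would extend it to `# constant-time comparison for equal-length inputs; a length mismatch returns early`. The enclosing class continues outside the hunk.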