Patched ActiveSupport::MessageVerifier#secure_compare for ruby1.9.

commit fd7d833c5ff5f2e5dd80c437ecf589765202d0b4 1 parent d8a9c09
@benhoskings benhoskings authored
Showing with 17 additions and 0 deletions.
  1. +17 −0 config/initializers/patch_message_verifier_for_ruby_19.rb
17 config/initializers/patch_message_verifier_for_ruby_19.rb
@@ -0,0 +1,17 @@
+module ActiveSupport
+ class MessageVerifier
+ private
+ # constant-time comparison algorithm to prevent timing attacks
+ def secure_compare(a, b)
+ if a.length == b.length
+ result = 0
+ for i in 0..(a.length - 1)
+ result |= a[i].ord ^ b[i].ord # #ord calls added for ruby1.9
+ end
+ result == 0
+ else
+ false
+ end
+ end
+ end
+end
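Review bot: in secure_compare, `a.length` and `a[i].ord` work on characters under Ruby 1.9, not bytes, so the result depends on each string's encoding, and `#ord` raises ArgumentError when an input contains a byte sequence that is invalid for its encoding. Since one side of this comparison is normally caller-supplied, compare bytes instead: check `a.bytesize == b.bytesize` and XOR the values from `a.bytes` / `b.bytes` (or `unpack('C*')`), which also keeps the loop independent of encoding. Separately, the initializer reopens ActiveSupport::MessageVerifier unconditionally; add a comment stating which framework version this patches, and a guard so the override stops applying once the upstream method handles 1.9 strings itself.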