Dup the arguments to string compare so we can use force_encoding.

1 parent 095cf91 commit 76e971ecfbb55981ce6ee6ee97dc7d35c511a3f0 @NZKoz NZKoz committed Sep 13, 2009
Showing with 2 additions and 2 deletions.
  1. +2 −2 actionpack/lib/action_controller/session/cookie_store.rb
4 actionpack/lib/action_controller/session/cookie_store.rb
@@ -168,8 +168,8 @@ def clear_old_cookie_value
if "foo".respond_to?(:force_encoding)
# constant-time comparison algorithm to prevent timing attacks
def secure_compare(a, b)
- a = a.force_encoding(Encoding::BINARY)
- b = b.force_encoding(Encoding::BINARY)
+ a = a.dup.force_encoding(Encoding::BINARY)
+ b = b.dup.force_encoding(Encoding::BINARY)
if a.length == b.length
result = 0
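
Review bot: The `.dup` added on the two `force_encoding` lines in `secure_compare` carries no comment explaining why it is needed, and the commit touches only `cookie_store.rb`, so no test pins the behaviour. `String#force_encoding` changes its receiver in place, so without the copy the caller's strings are retagged as binary and a frozen argument raises. Suggest a one-line comment above the assignments, such as `# dup: force_encoding mutates its receiver`, plus a test that passes a frozen or UTF-8 string to `secure_compare` and checks that its encoding is unchanged afterwards, so the `dup` is not later removed as redundant.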
