
Dup the arguments to string compare so we can use force_encoding.

1 parent 81cba78 commit e590508a9b7ab5cf99d7a7675a92a1257cb9f6f8 @NZKoz NZKoz committed Sep 12, 2009
Showing with 2 additions and 2 deletions.
  1. +2 −2 activesupport/lib/active_support/message_verifier.rb
@@ -41,8 +41,8 @@ def generate(value)
if "foo".respond_to?(:force_encoding)
# constant-time comparison algorithm to prevent timing attacks
def secure_compare(a, b)
- a = a.force_encoding(Encoding::BINARY)
- b = b.force_encoding(Encoding::BINARY)
+ a = a.dup.force_encoding(Encoding::BINARY)
+ b = b.dup.force_encoding(Encoding::BINARY)
if a.length == b.length
result = 0
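Review bot: The two added lines in `secure_compare` need a comment saying why the copy is there. `force_encoding` changes its receiver in place, so without `dup` the method retags the caller's strings as binary and raises if an argument is frozen. A short comment such as `# dup: force_encoding mutates its receiver` above `a = a.dup.force_encoding(Encoding::BINARY)` would keep a later cleanup from removing the `dup` again. Separately, the `if a.length == b.length` check in the context lines means the comparison can only be constant-time for inputs of equal length, which the existing "constant-time comparison" comment could state.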

3 comments on commit e590508

qoobaa commented on e590508 Sep 13, 2009

Is it a joke?

qoobaa commented on e590508 Sep 13, 2009

If you want to solve every encoding problem in this way, consider using my "force_encoding" gem - you can think about merging the gem into ActiveSupport as well ;-).

Peace guys.

NZKoz commented on e590508 Sep 13, 2009

No, the CI server broke with your original patch despite it working here for me on the same version.

Given how ... inconsequential this method is, it's easier to go with the simple fix which works and just park the whole discussion :)
