Revert "ruby 1.9 friendly secure_compare" because it breaks CI and Sam Ruby's suite

This reverts commit 5de75398c4.
2026-04-26 03:00:59 -04:00 · 2009-09-12 14:35:03 -05:00
parent 7152a4e9a6
commit a8a336cbfc
1 changed files with 9 additions and 6 deletions
--- a/activesupport/lib/active_support/message_verifier.rb
+++ b/activesupport/lib/active_support/message_verifier.rb
@@ -38,21 +38,24 @@ module ActiveSupport
    end
    
    private
-      if "foo".respond_to?(:bytesize)
+      if "foo".respond_to?(:force_encoding)
        # constant-time comparison algorithm to prevent timing attacks
-        # > 1.8.6 friendly version
        def secure_compare(a, b)
-          if a.bytesize == b.bytesize
+          a = a.force_encoding(Encoding::BINARY)
+          b = b.force_encoding(Encoding::BINARY)
+
+          if a.length == b.length
            result = 0
-            j = b.each_byte
-            a.each_byte { |i| result |= i ^ j.next }
+            for i in 0..(a.length - 1)
+              result |= a[i].ord ^ b[i].ord
+            end
            result == 0
          else
            false
          end
        end
      else
-        # For <= 1.8.6
+        # For 1.8
        def secure_compare(a, b)
          if a.length == b.length
            result = 0