File tree Expand file tree Collapse file tree 1 file changed +14
-1
lines changed
Expand file tree Collapse file tree 1 file changed +14
-1
lines changed Original file line number Diff line number Diff line change @@ -59,7 +59,7 @@ def valid?
5959 signature_basestring = [ version , timestamp , body ] . join ( ':' )
6060 hex_hash = OpenSSL ::HMAC . hexdigest ( digest , signing_secret , signature_basestring )
6161 computed_signature = [ version , hex_hash ] . join ( '=' )
62- computed_signature == signature
62+ secure_compare ( computed_signature , signature )
6363 end
6464
6565 # Validates the request signature and its expiration.
@@ -69,6 +69,19 @@ def verify!
6969
7070 true
7171 end
72+
73+ private
74+
75+ def secure_compare ( computed_signature , signature )
76+ return false if computed_signature . bytesize != signature . bytesize
77+
78+ l = computed_signature . unpack "C#{ computed_signature . bytesize }
79+
80+ result = 0
81+ signature . each_byte { |byte | result |= byte ^ l . shift }
82+
83+ result . zero?
84+ end
7285 end
7386 end
7487end
You can’t perform that action at this time.
0 commit comments