diff options
| author | Chris McDonough <chrism@plope.com> | 2011-04-25 13:39:37 -0400 |
|---|---|---|
| committer | Chris McDonough <chrism@plope.com> | 2011-04-25 13:39:37 -0400 |
| commit | 7e655f50decd44ae9118700e5d00d668bab6788c (patch) | |
| tree | 3499c553e5651f018771fe96e3e7b73be65f3508 | |
| parent | f4f1667e992fb6b3e8f6185bfe62f4d37aeaf687 (diff) | |
| parent | bf6be9eae4d0be7789effd36875148b6319d77e1 (diff) | |
| download | pyramid-7e655f50decd44ae9118700e5d00d668bab6788c.tar.gz pyramid-7e655f50decd44ae9118700e5d00d668bab6788c.tar.bz2 pyramid-7e655f50decd44ae9118700e5d00d668bab6788c.zip | |
Merge branch 'master' of github.com:Pylons/pyramid
| -rw-r--r-- | CONTRIBUTORS.txt | 1 | ||||
| -rw-r--r-- | pyramid/session.py | 6 |
2 files changed, 3 insertions, 4 deletions
diff --git a/CONTRIBUTORS.txt b/CONTRIBUTORS.txt index 5a72f242e..75f9e9166 100644 --- a/CONTRIBUTORS.txt +++ b/CONTRIBUTORS.txt @@ -135,3 +135,4 @@ Contributors - Juliusz Gonera, 2011/04/17 +- Philip Jenvey, 2011/04/24 diff --git a/pyramid/session.py b/pyramid/session.py index 4e63ef460..5772c80d0 100644 --- a/pyramid/session.py +++ b/pyramid/session.py @@ -276,14 +276,12 @@ def signed_deserialize(serialized, secret, hmac=hmac): sig = hmac.new(secret, pickled, sha1).hexdigest() - # Avoid timing attacks (see - # http://seb.dbzteam.org/crypto/python-oauth-timing-hmac.pdf) - if len(sig) != len(input_sig): raise ValueError('Wrong signature length') + # Avoid timing attacks (see + # http://seb.dbzteam.org/crypto/python-oauth-timing-hmac.pdf) invalid_bits = 0 - for a, b in zip(sig, input_sig): invalid_bits += a != b |