authorcguardia <carlos.delaguardia@gmail.com>2011-04-25 10:50:15 -0500
committercguardia <carlos.delaguardia@gmail.com>2011-04-25 10:50:15 -0500
commitcaff04f3732bf9423b41adc665af038e8627a7e5 (patch)
tree31f8083ae8af207ce75b03384e46140b472989e2
parentb61680ad87abcb524ae3fe846cd591c6ec1d54ef (diff)
parentbf6be9eae4d0be7789effd36875148b6319d77e1 (diff)
Merge branch 'master' of https://github.com/Pylons/pyramid
-rw-r--r--CONTRIBUTORS.txt1
-rw-r--r--pyramid/session.py6
2 files changed, 3 insertions, 4 deletions
diff --git a/CONTRIBUTORS.txt b/CONTRIBUTORS.txt
index 5a72f242e..75f9e9166 100644
--- a/CONTRIBUTORS.txt
+++ b/CONTRIBUTORS.txt
@@ -135,3 +135,4 @@ Contributors
- Juliusz Gonera, 2011/04/17
+- Philip Jenvey, 2011/04/24
diff --git a/pyramid/session.py b/pyramid/session.py
index 4e63ef460..5772c80d0 100644
--- a/pyramid/session.py
+++ b/pyramid/session.py
@@ -276,14 +276,12 @@ def signed_deserialize(serialized, secret, hmac=hmac):
sig = hmac.new(secret, pickled, sha1).hexdigest()
- # Avoid timing attacks (see
- # http://seb.dbzteam.org/crypto/python-oauth-timing-hmac.pdf)
-
if len(sig) != len(input_sig):
raise ValueError('Wrong signature length')
+ # Avoid timing attacks (see
+ # http://seb.dbzteam.org/crypto/python-oauth-timing-hmac.pdf)
invalid_bits = 0
-
for a, b in zip(sig, input_sig):
invalid_bits += a != b
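Review bot: The relocated comment sits above the comparison loop but still explains it only through an external link, so if that PDF disappears nobody can tell why `invalid_bits` is accumulated instead of returning on the first mismatch; I would state the invariant in the comment itself, e.g. `# Compare every character so the time taken does not reveal where the first mismatch is`. The early `raise ValueError('Wrong signature length')` is not constant-time, which is acceptable only because the length of a SHA-1 hex digest is public, and a short comment saying so would keep the pattern from being copied to a value whose length is secret. On interpreters that provide it, `hmac.compare_digest(sig, input_sig)` would replace the hand-written loop, though `hmac` is a parameter of `signed_deserialize` here, so the module function would have to be reached through a separate import. The function body starts and ends outside the hunk; since the payload is named `pickled`, this check is presumably the only gate before unpickling, which the docstring should say.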