diff options
author | Santiago Pastorino <santiago@wyeworks.com> | 2013-04-22 17:08:23 -0700 |
---|---|---|
committer | Santiago Pastorino <santiago@wyeworks.com> | 2013-04-22 17:08:23 -0700 |
commit | 4b640a0d8057c24fcfd8257bc20cb26f2aaa546f (patch) | |
tree | c175983733ec3ee1019a1d153620be2b921b098e | |
parent | 0232e227b1cf3e67fbb82b2198311fa8ca618fbd (diff) | |
parent | 18a6b88f4a7b35f6ccf8927aa7e99016144d9668 (diff) | |
download | rack-4b640a0d8057c24fcfd8257bc20cb26f2aaa546f.tar.gz |
Merge pull request #523 from bdimcheff/fix-missing-digest
prevent crash when cookie doesn't contain "--"
-rw-r--r-- | lib/rack/session/cookie.rb | 2 | ||||
-rw-r--r-- | test/spec_rack_session_cookie.rb | 5 |
2 files changed, 6 insertions, 1 deletions
diff --git a/lib/rack/session/cookie.rb b/lib/rack/session/cookie.rb index 63c426f0..9023de9f 100644 --- a/lib/rack/session/cookie.rb +++ b/lib/rack/session/cookie.rb @@ -55,7 +55,7 @@ module Rack if @secret && session_data session_data, digest = session_data.split("--") - session_data = nil unless Utils.secure_compare(digest, generate_hmac(session_data)) + session_data = nil unless session_data && digest && Utils.secure_compare(digest, generate_hmac(session_data)) end begin diff --git a/test/spec_rack_session_cookie.rb b/test/spec_rack_session_cookie.rb index 08e3a3f7..9c972976 100644 --- a/test/spec_rack_session_cookie.rb +++ b/test/spec_rack_session_cookie.rb @@ -52,6 +52,11 @@ context "Rack::Session::Cookie" do res = Rack::MockRequest.new(Rack::Session::Cookie.new(incrementor)). get("/", "HTTP_COOKIE" => "rack.session=blarghfasel") res.body.should.equal '{"counter"=>1}' + + app = Rack::Session::Cookie.new(incrementor, :secret => 'test') + res = Rack::MockRequest.new(app).get("/", "HTTP_COOKIE" => "rack.session=") + res.body.should.equal '{"counter"=>1}' + end bigcookie = lambda { |env| |