diff options
| author | Florian Apolloner <florian@apolloner.eu> | 2014-05-26 13:52:37 +0200 |
|---|---|---|
| committer | Florian Apolloner <florian@apolloner.eu> | 2014-05-28 19:51:39 +0200 |
| commit | 7e3cf3cfd27e53ced0a1fc65a02849f78a292d3d (patch) | |
| tree | 3d44e8af64f100a5a2f54e79d20509d9ab543b36 | |
| parent | 32586b0ba43816d325be0ce807f75623683eed7a (diff) | |
Fixed constant_time_compare on Python 2.7.7
Python 2.7.7 includes compare_digest in the hmac module, but it requires
both arguments to have the same type. This is usually not a problem on
Python 3 since everything is text, but we have mixed unicode and str on
Python 2 -- hence make sure everything is bytes before feeding it into
compare_digest.
| -rw-r--r-- | django/utils/crypto.py | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/django/utils/crypto.py b/django/utils/crypto.py index 8bf884a72f..cbf2656316 100644 --- a/django/utils/crypto.py +++ b/django/utils/crypto.py @@ -79,7 +79,8 @@ def get_random_string(length=12, if hasattr(hmac, "compare_digest"): # Prefer the stdlib implementation, when available. - constant_time_compare = hmac.compare_digest + def constant_time_compare(val1, val2): + return hmac.compare_digest(force_bytes(val1), force_bytes(val2)) else: def constant_time_compare(val1, val2): """ |