From 98398860519e0aba630b24018de59df2604c4fe6 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Mon, 1 Nov 2021 02:22:14 +0700 Subject: [PATCH] =?UTF-8?q?=F0=9F=9A=91=EF=B8=8F=20[SECURITY]=20Fix=20unsa?= =?UTF-8?q?fe=20string=20comparison?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Closes #156 Signed-off-by: Peter Boling
---
 lib/oauth/signature/base.rb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/lib/oauth/signature/base.rb b/lib/oauth/signature/base.rb
index 9110e464..e44f59a1 100644
--- a/lib/oauth/signature/base.rb
+++ b/lib/oauth/signature/base.rb
@@ -51,7 +51,9 @@ def signature
 end
 def ==(cmp_signature)
- signature == cmp_signature
+ check = signature.bytesize ^ cmp_signature.bytesize
+ signature.bytes.zip(cmp_signature.bytes) { |x, y| check |= x ^ y.to_i }
+ check.zero?
 end
 def verify
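Review bot: The new `==` raises NoMethodError when `cmp_signature` is nil or any object without `bytesize`, whereas the replaced `signature == cmp_signature` simply returned false for such input; a guard before the first added line, `return false unless cmp_signature.respond_to?(:bytesize)`, keeps the old contract while preserving the constant-time path for real strings. The loop itself is sound: it iterates over `signature.bytes` only, so its duration does not depend on the caller-supplied value, and `y.to_i` turns the nil padding from `zip` into 0 while the length XOR still flags the mismatch. A short comment would stop a later maintainer from "simplifying" it back to `==`, e.g. `# Constant-time compare: every byte difference is OR-ed into check so timing does not reveal where the strings diverge`. Where the supported Ruby range allows it, `OpenSSL.fixed_length_secure_compare` could replace the hand-rolled fold, though the existing form works on older interpreters.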