This is an automated email from the ASF dual-hosted git repository. rnewson pushed a commit to branch couch_passwords_very_return_false in repository https://gitbox.apache.org/repos/asf/couchdb.git
commit c7f8d698857a2c5a5b6f06b6d8f58d0efcddae25 Author: Robert Newson <[email protected]> AuthorDate: Tue Dec 12 11:48:38 2023 +0000 couch_passwords:verify should always return false for bad inputs --- src/couch/src/couch_passwords.erl | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/couch/src/couch_passwords.erl b/src/couch/src/couch_passwords.erl index b2f212a6d..fbfcc2c1d 100644 --- a/src/couch/src/couch_passwords.erl +++ b/src/couch/src/couch_passwords.erl @@ -137,6 +137,8 @@ verify(ListA, ListB) when is_list(ListA), is_list(ListB) -> verify(BinA, BinB) when is_binary(BinA), is_binary(BinB), byte_size(BinA) == byte_size(BinB) -> crypto:hash_equals(BinA, BinB); verify(BinA, BinB) when is_binary(BinA), is_binary(BinB) -> + false; +verify(_A, _B) -> false. -else. -spec verify(string(), string(), integer()) -> boolean().
