Jon Oberheide <j...@oberheide.org> added the comment: Thanks for the feedback, haypo. I've updated the patch to use unicode-internal. As long as the encode() of the expected non-attacker-controlled digest is not dependent on the actual contents of the digest, we should be good.
---------- Added file: http://bugs.python.org/file25801/secure-compare-fix-v2.patch _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue14955> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com