This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author serhiy.storchaka
Recipients Jon.Oberheide, alex, christian.heimes, fijall, georg.brandl, hynek, loewis, ncoghlan, petri.lehtinen, pitrou, python-dev, serhiy.storchaka
Date 2012-06-21.20:55:43
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1340312157.2703.17.camel@raxxla>
In-reply-to <1340296698.3357.20.camel@localhost.localdomain>
Content
> > - I only handle exact byte or unicode types (no subclasses) since a
> > user may have overwritten __eq__ and I don't want to special case it.
> We could handle all bytes-compatible objects, using the buffer API.

It is timing unsafe.

> > - The unicode path works only with compact ASCII strings. I'm not
> > familiar with the new API so please scream if I did it wrong.
> It looks ok to me.

The user can just do timingsafe_eq(a.decode('ascii'),
b.decode('ascii')). I do not see a necessity in support of unicode
strings. Support ASCII strings will create the false impression that all
strings are supported.

About code. Instead (PyBytes_CheckExact(a) && PyBytes_CheckExact(b)) you
should use ((PyBytes_CheckExact(a) != 0) & (PyBytes_CheckExact(b) !=
0)).
History
Date User Action Args
2012-06-21 20:55:44serhiy.storchakasetrecipients: + serhiy.storchaka, loewis, georg.brandl, ncoghlan, pitrou, christian.heimes, alex, fijall, python-dev, petri.lehtinen, hynek, Jon.Oberheide
2012-06-21 20:55:44serhiy.storchakalinkissue15061 messages
2012-06-21 20:55:43serhiy.storchakacreate