Merge pull request #20440 from repinel/fix-message-verifier-encoding-issue

Fix the message verifier encoding issue

activesupport/lib/active_support/message_verifier.rb

@@ -44,7 +44,7 @@ def initialize(secret, options = {})
     #   tampered_message = signed_message.chop # editing the message invalidates the signature
     #   verifier.valid_message?(tampered_message) # => false
     def valid_message?(signed_message)
-      return if signed_message.blank?
+      return if signed_message.nil? || !signed_message.valid_encoding? || signed_message.blank?
 
       data, digest = signed_message.split("--")
       data.present? && digest.present? && ActiveSupport::SecurityUtils.secure_compare(digest, generate_digest(data))

activesupport/test/message_verifier_test.rb

@@ -24,6 +24,7 @@ def test_valid_message
     data, hash = @verifier.generate(@data).split("--")
     assert !@verifier.valid_message?(nil)
     assert !@verifier.valid_message?("")
+    assert !@verifier.valid_message?("\xff") # invalid encoding
     assert !@verifier.valid_message?("#{data.reverse}--#{hash}")
     assert !@verifier.valid_message?("#{data}--#{hash.reverse}")
     assert !@verifier.valid_message?("purejunk")