Merge pull request #4910 from apache/couch_passwords_very_return_false couch_passwords:verify should always return false for bad inputs

commit: e551cac5a89678abedca5cef075b9426bf9f8cf3 [log] [tgz]
author: Robert Newson <rnewson@apache.org> Tue Dec 12 15:26:35 2023 +0000
committer: GitHub <noreply@github.com> Tue Dec 12 15:26:35 2023 +0000
tree: 24bc0c82480f37fa0ba1b6b054a06ab7b53abe90
parent: 0eca498ed1fa9286746dc9a8667cf7174b15c350 [diff]
parent: 876fa877ce8b0af95a276fda0813e78f61a3319d [diff]
diff --git a/src/couch/src/couch_passwords.erl b/src/couch/src/couch_passwords.erl
index b2f212a..fbfcc2c 100644
--- a/src/couch/src/couch_passwords.erl
+++ b/src/couch/src/couch_passwords.erl

@@ -137,6 +137,8 @@
 verify(BinA, BinB) when is_binary(BinA), is_binary(BinB), byte_size(BinA) == byte_size(BinB) ->
     crypto:hash_equals(BinA, BinB);
 verify(BinA, BinB) when is_binary(BinA), is_binary(BinB) ->
+    false;
+verify(_A, _B) ->
     false.
 -else.
 -spec verify(string(), string(), integer()) -> boolean().
commit	e551cac5a89678abedca5cef075b9426bf9f8cf3	[log] [tgz]
author	Robert Newson <rnewson@apache.org>	Tue Dec 12 15:26:35 2023 +0000
committer	GitHub <noreply@github.com>	Tue Dec 12 15:26:35 2023 +0000
tree	24bc0c82480f37fa0ba1b6b054a06ab7b53abe90
parent	0eca498ed1fa9286746dc9a8667cf7174b15c350 [diff]
parent	876fa877ce8b0af95a276fda0813e78f61a3319d [diff]