Merge pull request #4910 from apache/couch_passwords_very_return_false
couch_passwords:verify should always return false for bad inputs
diff --git a/src/couch/src/couch_passwords.erl b/src/couch/src/couch_passwords.erl
index b2f212a..fbfcc2c 100644
--- a/src/couch/src/couch_passwords.erl
+++ b/src/couch/src/couch_passwords.erl
@@ -137,6 +137,8 @@
verify(BinA, BinB) when is_binary(BinA), is_binary(BinB), byte_size(BinA) == byte_size(BinB) ->
crypto:hash_equals(BinA, BinB);
verify(BinA, BinB) when is_binary(BinA), is_binary(BinB) ->
+ false;
+verify(_A, _B) ->
false.
-else.
-spec verify(string(), string(), integer()) -> boolean().