fix: handling unpadded base64 encoded docker auth field
docker-credential-desk no longer pads the auth field, so the field may arrive unpadded. It may be encoded with either RawStdEncoding or StdEncoding; we now determine whether it is correctly padded in order to handle both cases.
		| @@ -282,7 +282,20 @@ func (ident DockerConfigEntry) MarshalJSON() ([]byte, error) { | ||||
| // decodeDockerConfigFieldAuth deserializes the "auth" field from dockercfg into a | ||||
| // username and a password. The format of the auth field is base64(<username>:<password>). | ||||
| func decodeDockerConfigFieldAuth(field string) (username, password string, err error) { | ||||
| 	decoded, err := base64.StdEncoding.DecodeString(field) | ||||
|  | ||||
| 	var decoded []byte | ||||
|  | ||||
| 	// StdEncoding can only decode padded string | ||||
| 	// RawStdEncoding can only decode unpadded string | ||||
| 	// a string is correctly padded if and only if its length is a multiple of 4 | ||||
| 	if (len(field) % 4) == 0 { | ||||
| 		// decode padded data | ||||
| 		decoded, err = base64.StdEncoding.DecodeString(field) | ||||
| 	} else { | ||||
| 		// decode unpadded data | ||||
| 		decoded, err = base64.RawStdEncoding.DecodeString(field) | ||||
| 	} | ||||
|  | ||||
| 	if err != nil { | ||||
| 		return | ||||
| 	} | ||||
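Review bot: The `len(field) % 4` test picks the decoder from the raw string length, but Go's base64 decoders skip `\r` and `\n`, so a padded value carrying a trailing newline (constructed example: `Zm9vOmJhcg==\n`) is routed to `RawStdEncoding` and rejected at the `=`, where the previous single `StdEncoding` call accepted it. Selecting on the padding character instead avoids that regression: `if strings.HasSuffix(strings.TrimSpace(field), "=") {`, which needs `strings` imported (the import block of this file is not visible here). The comment above the branch is also imprecise, since an unpadded string whose length happens to be a multiple of 4 is valid for both encodings; something like `// a padded field ends in '='; anything else is decoded as unpadded` would describe the check accurately. The function body continues past the end of the hunk, so how the decoded bytes are split is not reviewed here.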
|   | ||||
| @@ -17,6 +17,7 @@ limitations under the License. | ||||
| package credentialprovider | ||||
|  | ||||
| import ( | ||||
| 	"encoding/base64" | ||||
| 	"encoding/json" | ||||
| 	"io/ioutil" | ||||
| 	"os" | ||||
| @@ -208,6 +209,34 @@ func TestDecodeDockerConfigFieldAuth(t *testing.T) { | ||||
| 			password: "bar", | ||||
| 		}, | ||||
|  | ||||
| 		// some test as before but with field not well padded | ||||
| 		{ | ||||
| 			input:    "Zm9vOmJhcg", | ||||
| 			username: "foo", | ||||
| 			password: "bar", | ||||
| 		}, | ||||
|  | ||||
| 		// standard encoding (with padding) | ||||
| 		{ | ||||
| 			input:    base64.StdEncoding.EncodeToString([]byte("foo:bar")), | ||||
| 			username: "foo", | ||||
| 			password: "bar", | ||||
| 		}, | ||||
|  | ||||
| 		// raw encoding (without padding) | ||||
| 		{ | ||||
| 			input:    base64.RawStdEncoding.EncodeToString([]byte("foo:bar")), | ||||
| 			username: "foo", | ||||
| 			password: "bar", | ||||
| 		}, | ||||
|  | ||||
| 		// the input is encoded with encodeDockerConfigFieldAuth (standard encoding) | ||||
| 		{ | ||||
| 			input:    encodeDockerConfigFieldAuth("foo", "bar"), | ||||
| 			username: "foo", | ||||
| 			password: "bar", | ||||
| 		}, | ||||
|  | ||||
| 		// good base64 data, but no colon separating username & password | ||||
| 		{ | ||||
| 			input: "cGFudHM=", | ||||
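Review bot: The added cases only cover successful decodes of `foo:bar`, and they overlap: the literal `Zm9vOmJhcg` and the `RawStdEncoding.EncodeToString` case are the same input, and the `StdEncoding` and `encodeDockerConfigFieldAuth` cases are presumably identical too, going by the comment on the latter. Nothing exercises the boundaries of the new padded/unpadded decision, so a regression there would pass unnoticed. Worth adding are a padded value followed by a newline (constructed: `"Zm9vOmJhcg==\n"`), a value with incomplete padding that must fail (constructed: `"Zm9vOmJhcg="`), and an unpadded value whose length is 3 mod 4, e.g. `base64.RawStdEncoding.EncodeToString([]byte("foo:barr"))`. The comment `// some test as before but with field not well padded` would read better as `// same credentials as above, auth field without padding`. The table's struct definition and the loop that runs it are outside the hunk, so how a failing case is expressed there needs checking.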
|   | ||||
	 Benoît Bourbié
					Benoît Bourbié