Merge pull request #82148 from bbourbie/fix_docker_credential

fix: adding padding the encoded docker auth field
This commit is contained in:
Kubernetes Prow Robot 2019-09-25 11:04:14 -07:00 committed by GitHub
commit 5675ef858e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 43 additions and 1 deletions

View File

@ -282,7 +282,20 @@ func (ident DockerConfigEntry) MarshalJSON() ([]byte, error) {
// decodeDockerConfigFieldAuth deserializes the "auth" field from dockercfg into a
// username and a password. The format of the auth field is base64(<username>:<password>).
func decodeDockerConfigFieldAuth(field string) (username, password string, err error) {
decoded, err := base64.StdEncoding.DecodeString(field)
var decoded []byte
// StdEncoding can only decode padded string
// RawStdEncoding can only decode unpadded string
// a string is correctly padded if and only if its length is a multiple of 4
if (len(field) % 4) == 0 {
// decode padded data
decoded, err = base64.StdEncoding.DecodeString(field)
} else {
// decode unpadded data
decoded, err = base64.RawStdEncoding.DecodeString(field)
}
if err != nil {
return
}

View File

@ -17,6 +17,7 @@ limitations under the License.
package credentialprovider
import (
"encoding/base64"
"encoding/json"
"io/ioutil"
"os"
@ -208,6 +209,34 @@ func TestDecodeDockerConfigFieldAuth(t *testing.T) {
password: "bar",
},
// some test as before but with field not well padded
{
input: "Zm9vOmJhcg",
username: "foo",
password: "bar",
},
// standard encoding (with padding)
{
input: base64.StdEncoding.EncodeToString([]byte("foo:bar")),
username: "foo",
password: "bar",
},
// raw encoding (without padding)
{
input: base64.RawStdEncoding.EncodeToString([]byte("foo:bar")),
username: "foo",
password: "bar",
},
// the input is encoded with encodeDockerConfigFieldAuth (standard encoding)
{
input: encodeDockerConfigFieldAuth("foo", "bar"),
username: "foo",
password: "bar",
},
// good base64 data, but no colon separating username & password
{
input: "cGFudHM=",