fix: padded base64 encoded docker auth field

base64 allows usage of new line characters and some tools use them.
As a result, the length of the encoded string cannot be used to
determine whether it's padded or not.

This patch fixes the regression after #82148.
This commit is contained in:
Oleg Bulatov 2019-11-27 17:26:44 +01:00
parent be65a9d1b6
commit 5bec54ed5b
No known key found for this signature in database
GPG Key ID: 51574882800C5922
2 changed files with 14 additions and 2 deletions

View File

@ -287,8 +287,7 @@ func decodeDockerConfigFieldAuth(field string) (username, password string, err e
// StdEncoding can only decode padded string
// RawStdEncoding can only decode unpadded string
// a string is correctly padded if and only if its length is a multiple of 4
if (len(field) % 4) == 0 {
if strings.HasSuffix(strings.TrimSpace(field), "=") {
// decode padded data
decoded, err = base64.StdEncoding.DecodeString(field)
} else {

View File

@ -214,6 +214,13 @@ func TestDecodeDockerConfigFieldAuth(t *testing.T) {
password: "bar",
},
// some test as before but with new line characters
{
input: "Zm9vOm\nJhcg==\n",
username: "foo",
password: "bar",
},
// standard encoding (with padding)
{
input: base64.StdEncoding.EncodeToString([]byte("foo:bar")),
@ -241,6 +248,12 @@ func TestDecodeDockerConfigFieldAuth(t *testing.T) {
fail: true,
},
// only new line characters are ignored
{
input: "Zm9vOmJhcg== ",
fail: true,
},
// bad base64 data
{
input: "pants",