Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-45185

Base64 usage in SecretBytes is not correct

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Minor Minor
    • credentials-plugin
    • None

      The documentation for SecretBytes talks about using Base64, however it is not tolerant of valid Base64 input (RFC 2048)

      The RFC says that lines should be a maximum of 76 characters and separated by \r\n
      however when given an input with \r\n the jcifs base64 decoder blows up.

      The class should be tollerant of varying different forms of Base64.

      • ones without line wrapping
      • ones with valid line wrapping
      • ones with line wrapping but using \n (invalid but produced by xstream)

      infact the use of base64 in this plugin is just crazy - 3 different libraries are in use for base64

      1. com.trilead.ssh2.crypto.Base64 (CertificateCredentialsImpl.java)
      2. hudson.remoting.Base64 (SecretBytesTest.java)
      3. jcifs.util.Base64 (SecretBytes.java

            stephenconnolly Stephen Connolly
            teilo James Nord
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: