engine-api icon indicating copy to clipboard operation
engine-api copied to clipboard

Published 20 hours ago verified publisher icon docker

Response status code needs to be checked after unauthorized

Open stevvooe opened this issue 9 years ago • 1 comments

Please see this code: https://github.com/docker/engine-api/blob/master/client/image_pull.go#L30. The status code is not checked after running privilegeFunc. This could return a completely invalid body and result in undetectable error.

I'm not sure about a fix since it is not entirely clear what this code is supposed to be doing. Why wouldn't privilegeFunc be called on the first time through?

stevvooe avatar Mar 08 '16 02:03 stevvooe

Looks like it's on line 35 now, and still exists in https://github.com/moby/moby/blob/master/client/image_pull.go

coreydaley avatar Jan 11 '18 18:01 coreydaley