wincred: add fallback for existing values

thaJeztah · thaJeztah · commit 2b9c650dfff7 · 2026-04-20T11:30:40.000+02:00
As older versions of the credential helper would store creds as raw
bytes, we must expect the value to be a raw byte, not UTF-16LE encoded.

Try decoding the value and check if it round-trips correctly to make
sure we're actually dealing with UTF-16LE encoded creds.

We should also consider setting a custom "encoding" attribute instead
to detect what encoding was used to store the value.

Signed-off-by: Sebastiaan van Stijn &lt;github@gone.nl&gt;
diff --git a/wincred/wincred.go b/wincred/wincred.go
@@ -4,8 +4,10 @@ package wincred
 
 import (
 	"bytes"
+	"encoding/binary"
 	"net/url"
 	"strings"
+	"unicode/utf16"
 
 	winc "github.com/danieljoos/wincred"
 	"golang.org/x/text/encoding/unicode"
@@ -67,12 +69,21 @@ func (h Wincred) Get(serverURL string) (string, string, error) {
 		if strings.Compare(attr.Keyword, "label") == 0 &&
 			bytes.Compare(attr.Value, []byte(credentials.CredsLabel)) == 0 {
 
-			encoder := unicode.UTF16(unicode.LittleEndian, unicode.IgnoreBOM).NewDecoder()
-			passwd, _, err := transform.String(encoder, string(g.CredentialBlob))
-			if err != nil {
-				return "", "", err
+			creds := string(g.CredentialBlob)
+
+			// Older versions of the wincred credential-helper stored the password blob
+			// as raw string bytes. Newer versions store it as UTF-16LE.
+			//
+			// The credential blob does not include encoding metadata, so we cannot
+			// reliably distinguish legacy entries from UTF-16LE entries in all cases.
+			// For backward compatibility, keep the legacy raw-byte form by default and
+			// only use the UTF-16LE-decoded form when it round-trips cleanly.
+			//
+			// See https://github.com/docker/docker-credential-helpers/pull/335
+			if p, ok := tryDecodeUTF16LE(g.CredentialBlob); ok {
+				creds = p
 			}
-			return g.UserName, passwd, nil
+			return g.UserName, creds, nil
 		}
 	}
 	return "", "", credentials.NewErrCredentialsNotFound()
@@ -165,3 +176,31 @@ func (h Wincred) List() (map[string]string, error) {
 
 	return resp, nil
 }
+
+func tryDecodeUTF16LE(blob []byte) (string, bool) {
+	if len(blob)%2 != 0 {
+		return "", false
+	}
+
+	decoder := unicode.UTF16(unicode.LittleEndian, unicode.IgnoreBOM).NewDecoder()
+	s, _, err := transform.String(decoder, string(blob))
+	if err != nil {
+		return "", false
+	}
+
+	// roundtrip the value to check if it was indeed valid UTF-16LE.
+	if string(encodeUTF16LE(s)) != string(blob) {
+		return "", false
+	}
+
+	return s, true
+}
+
+func encodeUTF16LE(s string) []byte {
+	u16 := utf16.Encode([]rune(s))
+	buf := make([]byte, len(u16)*2)
+	for i, r := range u16 {
+		binary.LittleEndian.PutUint16(buf[i*2:], r)
+	}
+	return buf
+}
