Restrict repository names from matching hexadecimal strings

To avoid conflicting with layer IDs, repository names must
not be tagged with names that collide with hexadecimal strings.

Signed-off-by: Eric Windisch <eric@windisch.us>

registry/registry.go

@@ -23,6 +23,7 @@ var (
 	ErrAlreadyExists         = errors.New("Image already exists")
 	ErrInvalidRepositoryName = errors.New("Invalid repository name (ex: \"registry.domain.tld/myrepos\")")
 	errLoginRequired         = errors.New("Authentication is required.")
+	validHex                 = regexp.MustCompile(`^([a-f0-9]{64})$`)
 )
 
 type TimeoutType uint32
@@ -218,6 +219,10 @@ func validateRepositoryName(repositoryName string) error {
 	if len(nameParts) < 2 {
 		namespace = "library"
 		name = nameParts[0]
+
+		if validHex.MatchString(name) {
+			return fmt.Errorf("Invalid repository name (%s), cannot specify 64-byte hexadecimal strings", name)
+		}
 	} else {
 		namespace = nameParts[0]
 		name = nameParts[1]

registry/registry_test.go

@@ -224,6 +224,10 @@ func TestValidRepositoryName(t *testing.T) {
 	if err := validateRepositoryName("docker/docker"); err != nil {
 		t.Fatal(err)
 	}
+	// Support 64-byte non-hexadecimal names (hexadecimal names are forbidden)
+	if err := validateRepositoryName("thisisthesongthatneverendsitgoesonandonandonthisisthesongthatnev"); err != nil {
+		t.Fatal(err)
+	}
 	if err := validateRepositoryName("docker/Docker"); err == nil {
 		t.Log("Repository name should be invalid")
 		t.Fail()
@@ -232,6 +236,10 @@ func TestValidRepositoryName(t *testing.T) {
 		t.Log("Repository name should be invalid")
 		t.Fail()
 	}
+	if err := validateRepositoryName("1a3f5e7d9c1b3a5f7e9d1c3b5a7f9e1d3c5b7a9f1e3d5d7c9b1a3f5e7d9c1b3a"); err == nil {
+		t.Log("Repository name should be invalid, 64-byte hexadecimal names forbidden")
+		t.Fail()
+	}
 }
 
 func TestTrustedLocation(t *testing.T) {