Testsuite - alter approach to corrupting credentials.

Avoid the last 4 characters of the credential string. The ':' at the end, as well as the trailing part of the base64-encoded string. It is possible to alter the end of a base64 string and end up with an equivalent binary stream after decoding, which can mean the attempt at corrupting the credential will not succeed and it will decode properly, which caused test 7.16 to fail randomly. Bug 10276.

Testsuite - alter approach to corrupting credentials.
Avoid the last 4 characters of the credential string. The ':' at the end, as well as the trailing part of the base64-encoded string. It is possible to alter the end of a base64 string and end up with an equivalent binary stream after decoding, which can mean the attempt at corrupting the credential will not succeed and it will decode properly, which caused test 7.16 to fail randomly. Bug 10276.
f5093081 · Tim Wickberg · b8d1b603 · f5093081
Commit f5093081 authored 3 years ago by Tim Wickberg
--- a/src/plugins/auth/munge/auth_munge.c
+++ b/src/plugins/auth/munge/auth_munge.c
@@ -189,7 +189,12 @@ again:
 		cred = NULL;
 		slurm_seterrno(ESLURM_AUTH_CRED_INVALID);
 	} else if ((bad_cred_test > 0) && cred->m_str) {
-		int i = ((int) time(NULL)) % strlen(cred->m_str);
+		/*
+		 * Avoid changing the trailing ':' character, or any of the
+		 * trailing base64 padding which could leave the base64 stream
+		 * intact, and fail to cause the failure we desire.
+		 */
+		int i = ((int) time(NULL)) % (strlen(cred->m_str) - 4);
 		cred->m_str[i]++;	/* random position in credential */
 	}