From f509308168ba5fdd9749fadbd9a7dc6b97dcf520 Mon Sep 17 00:00:00 2001
From: Tim Wickberg <tim@schedmd.com>
Date: Fri, 2 Jul 2021 11:55:45 -0600
Subject: [PATCH] Testsuite - alter approach to corrupting credentials.
Avoid the last 4 characters of the credential string. The ':' at the end, as well as the trailing part of the base64-encoded string. It is possible to alter the end of a base64 string and end up with an equivalent binary stream after decoding, which can mean the attempt at corrupting the credential will not succeed and it will decode properly, which caused test 7.16 to fail randomly. Bug 10276.
---
 src/plugins/auth/munge/auth_munge.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/plugins/auth/munge/auth_munge.c b/src/plugins/auth/munge/auth_munge.c
index 789119b2f9a..1dbd577add4 100644
--- a/src/plugins/auth/munge/auth_munge.c
+++ b/src/plugins/auth/munge/auth_munge.c
@@ -189,7 +189,12 @@ again:
 cred = NULL;
 slurm_seterrno(ESLURM_AUTH_CRED_INVALID);
 } else if ((bad_cred_test > 0) && cred->m_str) {
- int i = ((int) time(NULL)) % strlen(cred->m_str);
+ /*
+ * Avoid changing the trailing ':' character, or any of the
+ * trailing base64 padding which could leave the base64 stream
+ * intact, and fail to cause the failure we desire.
+ */
+ int i = ((int) time(NULL)) % (strlen(cred->m_str) - 4);
 cred->m_str[i]++; /* random position in credential */
 }

-- GitLab
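Review bot: `strlen(cred->m_str) - 4` is evaluated in `size_t`, so a credential string of exactly 4 characters makes the modulus zero (undefined behaviour), and a shorter one wraps to a huge value so that `cred->m_str[i]++` writes outside the buffer. A real MUNGE credential is presumably always much longer, but this branch lives in the auth plugin and runs whenever `bad_cred_test` is set, so a cheap guard is worth having: `size_t len = strlen(cred->m_str);` followed by `if (len > 4) cred->m_str[((int) time(NULL)) % (len - 4)]++;`. A named constant for the 4 would also tie the number to the reasoning in the new comment. The enclosing function starts and ends outside this hunk.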