in_splunk: Handle authrozation header more precisely for HTTP1.1

Signed-off-by: Hiroshi Hatake <hiroshi@chronosphere.io>
fluent · May 31, 2024 · c08585c · c08585c
1 parent fe4507f
commit c08585c
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 4 deletions.
diff --git a/plugins/in_splunk/splunk.c b/plugins/in_splunk/splunk.c
@@ -181,6 +181,10 @@ static int in_splunk_exit(void *data, struct flb_config *config)
 
     ctx = data;
 
+    if (ctx->ingested_auth_header != NULL) {
+        flb_sds_destroy(ctx->ingested_auth_header);
+    }
+
     if (ctx != NULL) {
         splunk_config_destroy(ctx);
     }

diff --git a/plugins/in_splunk/splunk_prot.c b/plugins/in_splunk/splunk_prot.c
@@ -212,6 +212,13 @@ static flb_sds_t tag_key(struct flb_splunk *ctx, msgpack_object *map)
     return NULL;
 }
 
+static void reset_ingested_auth_header(struct flb_splunk *ctx)
+{
+    if (ctx->ingested_auth_header != NULL) {
+        flb_sds_destroy(ctx->ingested_auth_header);
+    }
+}
+
 /*
  * Process a raw text payload for Splunk HEC requests, uses the delimited character to split records,
  * return the number of processed bytes
@@ -582,7 +589,8 @@ static int process_hec_payload(struct flb_splunk *ctx, struct splunk_conn *conn,
     header_auth = &session->parser.headers[MK_HEADER_AUTHORIZATION];
     if (header_auth->key.data != NULL) {
         if (strncasecmp(header_auth->val.data, "Splunk ", 7) == 0) {
-            ctx->ingested_auth_header = header_auth->val.data;
+            reset_ingested_auth_header(ctx);
+            ctx->ingested_auth_header = flb_sds_create_len(header_auth->val.data, header_auth->val.len);
         }
     }
 
@@ -647,7 +655,8 @@ static int process_hec_raw_payload(struct flb_splunk *ctx, struct splunk_conn *c
     header_auth = &session->parser.headers[MK_HEADER_AUTHORIZATION];
     if (header_auth->key.data != NULL) {
         if (strncasecmp(header_auth->val.data, "Splunk ", 7) == 0) {
-            ctx->ingested_auth_header = header_auth->val.data;
+            reset_ingested_auth_header(ctx);
+            ctx->ingested_auth_header = flb_sds_create_len(header_auth->val.data, header_auth->val.len);
         }
     }
 
@@ -1001,7 +1010,8 @@ static int process_hec_payload_ng(struct flb_http_request *request,
 
     ret = flb_hash_table_get(request->headers, "authorization", 13, (void **)&auth_header, &size);
     if (ret != 0) {
-        ctx->ingested_auth_header = auth_header;
+        reset_ingested_auth_header(ctx);
+        ctx->ingested_auth_header = flb_sds_create_len(auth_header, size);
     }
 
     if (request->body == NULL || cfl_sds_len(request->body) <= 0) {
@@ -1034,7 +1044,8 @@ static int process_hec_raw_payload_ng(struct flb_http_request *request,
 
     ret = flb_hash_table_get(request->headers, "authorization", 13, (void **)&auth_header, &size);
     if (ret != 0) {
-        ctx->ingested_auth_header = auth_header;
+        reset_ingested_auth_header(ctx);
+        ctx->ingested_auth_header = flb_sds_create_len(auth_header, size);
     }
 
     if (request->body == NULL || cfl_sds_len(request->body) == 0) {