From c0d91840a3cc2bf2f260f7dd563e03cf744d735f Mon Sep 17 00:00:00 2001 From: Hiroshi Hatake Date: Tue, 16 Jul 2024 19:44:04 +0900 Subject: [PATCH] in_splunk: Process Content-Type strictly Signed-off-by: Hiroshi Hatake --- plugins/in_splunk/splunk_prot.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/plugins/in_splunk/splunk_prot.c b/plugins/in_splunk/splunk_prot.c index 94b132929f3..286b4e7e478 100644 --- a/plugins/in_splunk/splunk_prot.c +++ b/plugins/in_splunk/splunk_prot.c @@ -576,7 +576,7 @@ static int process_hec_payload(struct flb_splunk *ctx, struct splunk_conn *conn, header = &session->parser.headers[MK_HEADER_CONTENT_TYPE]; if (header->key.data == NULL) { send_response(conn, 400, "error: header 'Content-Type' is not set\n"); - return -1; + return -2; } if (header->val.len == 16 && @@ -595,7 +595,7 @@ static int process_hec_payload(struct flb_splunk *ctx, struct splunk_conn *conn, if (request->data.len <= 0) { send_response(conn, 400, "error: no payload found\n"); - return -1; + return -2; } header_auth = &session->parser.headers[MK_HEADER_AUTHORIZATION]; @@ -846,6 +846,13 @@ int splunk_prot_handle(struct flb_splunk *ctx, struct splunk_conn *conn, strcasecmp(uri, "/services/collector") == 0) { ret = process_hec_payload(ctx, conn, tag, session, request); + if (ret == -2) { + flb_sds_destroy(tag); + mk_mem_free(uri); + + return -1; + } + if (!ret) { send_json_message_response(conn, 400, "{\"text\":\"Invalid data format\",\"code\":6}"); } @@ -1162,6 +1169,8 @@ int splunk_prot_handle_ng(struct flb_http_request *request, if (ret != 0) { send_json_message_response_ng(response, 400, "{\"text\":\"Invalid data format\",\"code\":6}"); + + ret = -1; } else { send_json_message_response_ng(response, 200, "{\"text\":\"Success\",\"code\":0}");