in_splunk: splunk token validation must be case-insensitive, since th…

…at's the behavior from Splunk HEC Signed-off-by: lecaros <[email protected]>
fluent · Nov 14, 2024 · c290f27 · c290f27
1 parent f03baad
commit c290f27
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/plugins/in_splunk/splunk_prot.c b/plugins/in_splunk/splunk_prot.c
@@ -513,7 +513,7 @@ static int validate_auth_header(struct flb_splunk *ctx, struct mk_http_request *
                 continue;
             }
 
-            if (strncmp(splunk_token->header,
+            if (strncasecmp(splunk_token->header,
                         authorization,
                         splunk_token->length) == 0) {
                 flb_sds_destroy(authorization);
@@ -1046,7 +1046,7 @@ static int validate_auth_header_ng(struct flb_splunk *ctx, struct flb_http_reque
                 return SPLUNK_AUTH_UNAUTHORIZED;
             }
 
-            if (strncmp(splunk_token->header,
+            if (strncasecmp(splunk_token->header,
                         auth_header,
                         splunk_token->length) == 0) {
                 return SPLUNK_AUTH_SUCCESS;