<p><a href="https://github.com/miconda" class="user-mention">@miconda</a> thanks for the info.<br>
after digging more , i think the issue is not related to <code>kazoo</code>. can you try the below script (note that kazoo is not used) ? also maybe fake a transaction to a external auth and set the <code>$xavp(ulattrs=>extra_info)</code> on the <code>continue</code>block ?<br>
with this configuration, the 1st registration doesn't leak but the re-registrations do leak.</p>
<pre><code>...
modparam("usrloc", "xavp_contact", "ulattrs")
modparam("registrar", "xavp_rcd", "ulrcd")
modparam("registrar", "xavp_cfg", "regcfg")
modparam("htable", "htable", "auth_cache=>size=16;autoexpire=7200;")
...

route[REGISTRAR]
{

    $xavp(regcfg=>match_received) = $su;
    if($sht(auth_cache=>$Au) != $null && registered("location", "$rz:$Au", 2, 1) == 1) {
        xlog("L_INFO", "$ci|register|found cached registration for $rz:$Au\n");
            $var(password) = $sht(auth_cache=>$Au);
            route(SAVE_LOCATION);
    }

    if( !is_present_hf("Authorization")) {
        auth_challenge("$fd", "0");
        exit();
    }
    
    $xavp(ulattrs=>extra_info) = '{"test" : true}';
    
    route(SAVE_LOCATION);

}

route[SAVE_LOCATION]
{

    if ($sht(auth_cache=>$Au) == $null) {
        xlog("L_INFO", "$ci|log|caching sip credentials for $Au\n");
    };
    $sht(auth_cache=>$Au) = $var(password);
    $var(save_result) = save("location", "0x04");
    if($var(save_result) == -1) {
        auth_challenge("$fd", "0");
        xlog("L_INFO", "$ci|end|issued auth challenge after failed attempt to save contact for $Au $si:$sp\n");
        exit;
    } else {
        if($var(save_result) == 1) {
            $var(new_reg) = "true";
        } else {
           $var(new_reg) = "false";
        }
    }
    xlog("L_INFO", "$ci|end|save result $var(save_result) with contact $xavp(ulrcd=>ruid) : $ct\n");
}
</code></pre>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">—<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/kamailio/kamailio/pull/1111#issuecomment-301643800">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AF36Zbg8XS0IwQrqB7X8mcVxkG2czb0hks5r6PI2gaJpZM4NOAPn">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AF36ZZfIaFf-Ukde1mbH6RDS29kmND5Vks5r6PI2gaJpZM4NOAPn.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/kamailio/kamailio/pull/1111#issuecomment-301643800"></link>
  <meta itemprop="name" content="View Pull Request"></meta>
</div>
<meta itemprop="description" content="View this Pull Request on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/kamailio/kamailio","title":"kamailio/kamailio","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/kamailio/kamailio"}},"updates":{"snippets":[{"icon":"PERSON","message":"@lazedo in #1111: @miconda thanks for the info.\r\nafter digging more , i think the issue is not related to `kazoo`. can you try the below script (note that kazoo is not used) ? also maybe fake a transaction to a external auth and set the `$xavp(ulattrs=\u003eextra_info)` on the `continue`block ?\r\nwith this configuration, the 1st registration doesn't leak but the re-registrations do leak.\r\n\r\n```\r\n...\r\nmodparam(\"usrloc\", \"xavp_contact\", \"ulattrs\")\r\nmodparam(\"registrar\", \"xavp_rcd\", \"ulrcd\")\r\nmodparam(\"registrar\", \"xavp_cfg\", \"regcfg\")\r\nmodparam(\"htable\", \"htable\", \"auth_cache=\u003esize=16;autoexpire=7200;\")\r\n...\r\n\r\nroute[REGISTRAR]\r\n{\r\n\r\n    $xavp(regcfg=\u003ematch_received) = $su;\r\n    if($sht(auth_cache=\u003e$Au) != $null \u0026\u0026 registered(\"location\", \"$rz:$Au\", 2, 1) == 1) {\r\n        xlog(\"L_INFO\", \"$ci|register|found cached registration for $rz:$Au\\n\");\r\n            $var(password) = $sht(auth_cache=\u003e$Au);\r\n            route(SAVE_LOCATION);\r\n    }\r\n\r\n    if( !is_present_hf(\"Authorization\")) {\r\n        auth_challenge(\"$fd\", \"0\");\r\n        exit();\r\n    }\r\n    \r\n    $xavp(ulattrs=\u003eextra_info) = '{\"test\" : true}';\r\n    \r\n    route(SAVE_LOCATION);\r\n\r\n}\r\n\r\nroute[SAVE_LOCATION]\r\n{\r\n\r\n    if ($sht(auth_cache=\u003e$Au) == $null) {\r\n        xlog(\"L_INFO\", \"$ci|log|caching sip credentials for $Au\\n\");\r\n    };\r\n    $sht(auth_cache=\u003e$Au) = $var(password);\r\n    $var(save_result) = save(\"location\", \"0x04\");\r\n    if($var(save_result) == -1) {\r\n        auth_challenge(\"$fd\", \"0\");\r\n        xlog(\"L_INFO\", \"$ci|end|issued auth challenge after failed attempt to save contact for $Au $si:$sp\\n\");\r\n        exit;\r\n    } else {\r\n        if($var(save_result) == 1) {\r\n            $var(new_reg) = \"true\";\r\n        } else {\r\n           $var(new_reg) = \"false\";\r\n        }\r\n    }\r\n    xlog(\"L_INFO\", \"$ci|end|save result $var(save_result) with contact $xavp(ulrcd=\u003eruid) : $ct\\n\");\r\n}\r\n```\r\n\r\n"}],"action":{"name":"View Pull Request","url":"https://github.com/kamailio/kamailio/pull/1111#issuecomment-301643800"}}}</script>