[sr-dev] git:master:09218156: tm: prevent t_suspend memory leak (#2763)

GitHub noreply at github.com
Mon Jun 7 17:13:40 CEST 2021


Module: kamailio
Branch: master
Commit: 09218156f3831ec9642d9ebf20d8668229ab16d6
URL: https://github.com/kamailio/kamailio/commit/09218156f3831ec9642d9ebf20d8668229ab16d6

Author: Julien Chavanton <jchavanton at gmail.com>
Committer: GitHub <noreply at github.com>
Date: 2021-06-07T08:13:36-07:00

tm: prevent t_suspend memory leak (#2763)

When suspending while already in t_continue when processing a reply / suspending twice in a reply.

Co-authored-by: Julien Chavanton <jchavanton at subspace.com>

---

Modified: src/modules/tm/t_suspend.c

---

Diff:  https://github.com/kamailio/kamailio/commit/09218156f3831ec9642d9ebf20d8668229ab16d6.diff
Patch: https://github.com/kamailio/kamailio/commit/09218156f3831ec9642d9ebf20d8668229ab16d6.patch

---

diff --git a/src/modules/tm/t_suspend.c b/src/modules/tm/t_suspend.c
index 04f906f53c..826307d20a 100644
--- a/src/modules/tm/t_suspend.c
+++ b/src/modules/tm/t_suspend.c
@@ -118,18 +118,23 @@ int t_suspend(struct sip_msg *msg,
 			LM_ERR("failed find UAC branch\n");
 			return -1;
 		}
-		LM_DBG("found a a match with branch id [%d] - "
-				"cloning reply message to t->uac[branch].reply\n", branch);
 
-		sip_msg_len = 0;
-		t->uac[branch].reply = sip_msg_cloner( msg, &sip_msg_len );
+		if (!t->uac[branch].reply) {
+			sip_msg_len = 0;
+			LM_DBG("found a match with branch id [%d] - "
+				"cloning reply message to t->uac[branch].reply\n", branch);
+			t->uac[branch].reply = sip_msg_cloner( msg, &sip_msg_len );
 
-		if (! t->uac[branch].reply ) {
-			LM_ERR("can't alloc' clone memory\n");
-			return -1;
+			if (! t->uac[branch].reply ) {
+				LM_ERR("can't alloc' clone memory\n");
+				return -1;
+			}
+			t->uac[branch].end_reply = ((char*)t->uac[branch].reply) + sip_msg_len;
+		} else {
+			LM_DBG("found a match with branch id [%d] - "
+				"message already cloned to t->uac[branch].reply\n", branch);
+			// This can happen when suspending more than once in a reply.
 		}
-		t->uac[branch].end_reply = ((char*)t->uac[branch].reply) + sip_msg_len;
-
 		LM_DBG("saving transaction data\n");
 		t->uac[branch].reply->flags = msg->flags;
 		t->flags |= T_ASYNC_SUSPENDED;
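
Review bot: In the new else branch the existing t->uac[branch].reply is kept without any check that it still corresponds to the msg passed to this call; the only field refreshed from msg afterwards is flags, at `t->uac[branch].reply->flags = msg->flags;`. If reuse is safe because msg in this path is the previously stored clone, the comment should say so: `// This can happen when suspending more than once in a reply.` explains when the branch is taken but not why skipping the clone is correct. I would move that comment above the LM_DBG in the else branch and state the invariant there. Note also that end_reply is now set only in the cloning branch, which is right only while the retained clone is never replaced or resized elsewhere between the two suspends; a short remark on who frees t->uac[branch].reply and resets it to NULL would make the leak fix easier to verify from this function alone.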



