From b8b60135ecc01bcac917b6851cb1d0c7e3b2051a Mon Sep 17 00:00:00 2001
From: Mark Michelson <mmichelson@digium.com>
Date: Mon, 18 Apr 2016 17:00:42 -0500
Subject: [PATCH] res_pjsip_registrar: Fix bad memory-ness with user_agent.

Recent changes to the PJSIP registrar resulted in tests failing due to
missing AOR_CONTACT_ADDED test events. The reason for this was that the
user_agent string had junk values in it, resulting in being unable to
generate the event.

I'm going to be honest here, I have no idea why this was happening. Here
are the steps needed for the user_agent variable to get messed up:
* REGISTER is received
* First contact in the REGISTER results in a contact being removed
* Second contact in the REGISTER results in a contact being added
* The contact, AOR, expiration, and user agent all have to be passed as
  format parameters to the creation of a string. Any subset of those
  parameters would not be enough to cause the problem.

Looking into what was happening, the thing that struck me as odd was
that the user_agent variable was meant to be set to the value of the
User-Agent SIP header in the incoming REGISTER. However, when removing a
contact, the user_agent variable would be set (via ast_strdupa inside a
loop) to the stored contact's user_agent. This means that the
user_agent's value would be incorrect when attempting to process further
contacts in the incoming REGISTER.

The fix here is to use a different variable for the stored user agent
when removing a contact. Correcting the behavior to be correct also
means the memory usage is less weird, and the issue no longer occurs.

ASTERISK-25929 #close
Reported by Joshua Colp

Change-Id: I7cd24c86a38dec69ebcc94150614bc25f46b8c08
---
 res/res_pjsip_registrar.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/res/res_pjsip_registrar.c b/res/res_pjsip_registrar.c
index a94babd88f..8edd6ee437 100644
--- a/res/res_pjsip_registrar.c
+++ b/res/res_pjsip_registrar.c
@@ -576,7 +576,6 @@ static int rx_task_core(struct rx_task_data *task_data, struct ao2_container *co
 			ao2_cleanup(contact_update);
 		} else {
 			/* We want to report the user agent that was actually in the removed contact */
-			user_agent = ast_strdupa(contact->user_agent);
 			ast_sip_location_delete_contact(contact);
 			ast_verb(3, "Removed contact '%s' from AOR '%s' due to request\n", contact_uri, aor_name);
 			ast_test_suite_event_notify("AOR_CONTACT_REMOVED",
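Review bot: The comment "We want to report the user agent that was actually in the removed contact" is now stale where it stands in the else branch, because the assignment it described is gone and it sits directly above `ast_sip_location_delete_contact(contact);`, which has nothing to do with reporting. Move it down next to the `ast_test_suite_event_notify("AOR_CONTACT_REMOVED", ...)` call, or reword it to say that the stored contact's user agent is reported there and that `user_agent` deliberately keeps the value from the incoming REGISTER for the remaining contacts.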
@@ -585,7 +584,7 @@ static int rx_task_core(struct rx_task_data *task_data, struct ao2_container *co
 					"UserAgent: %s",
 					contact_uri,
 					aor_name,
-					user_agent);
+					contact->user_agent);
 		}
 	}
 
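Review bot: The new argument `contact->user_agent` is read after `ast_sip_location_delete_contact(contact);` has already run a few lines above, whereas the removed `ast_strdupa(contact->user_agent)` took its copy before the delete. Please confirm that this function still holds its own reference to `contact` at the point of the `ast_test_suite_event_notify` call, so the string is guaranteed valid, and say so in a short comment. If that cannot be guaranteed, emit the event before deleting the contact, or copy the string into a separate local before the delete, as the commit message's "different variable" wording suggests.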
-- 
GitLab