From ad9cb6c2ce6dbe9c985c6891daf53cc4160e3a13 Mon Sep 17 00:00:00 2001
From: Mark Michelson <mmichelson@digium.com>
Date: Wed, 2 Sep 2015 17:26:14 -0500
Subject: [PATCH] res_pjsip: Fix contact refleak on stateful responses.

When sending a stateful response, creation of the transaction can fail,
most commonly because we are trying to create a transaction from a
retransmitted request. When creation of the transaction fails, we end up
leaking a reference to a contact that was bumped when the response was
created.

This patch adds the missing deref and fixes the reference leak.

Change-Id: I2f97ad512aeb1b17e87ca29ae0abacb4d6395f07
---
 res/res_pjsip.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/res/res_pjsip.c b/res/res_pjsip.c
index 8bea76715f..19f8b59acd 100644
--- a/res/res_pjsip.c
+++ b/res/res_pjsip.c
@@ -3682,6 +3682,14 @@ int ast_sip_send_stateful_response(pjsip_rx_data *rdata, pjsip_tx_data *tdata, s
 	pjsip_transaction *tsx;
 
 	if (pjsip_tsx_create_uas(NULL, rdata, &tsx) != PJ_SUCCESS) {
+		struct ast_sip_contact *contact;
+
+		/* ast_sip_create_response bumps the refcount of the contact and adds it to the tdata.
+		 * We'll leak that reference if we don't get rid of it here.
+		 */
+		contact = ast_sip_mod_data_get(tdata->mod_data, supplement_module.id, MOD_DATA_CONTACT);
+		ao2_cleanup(contact);
+		ast_sip_mod_data_set(tdata->pool, tdata->mod_data, supplement_module.id, MOD_DATA_CONTACT, NULL);
 		pjsip_tx_data_dec_ref(tdata);
 		return -1;
 	}