tm: function to clean local parsed headers and body for uas request

- some modules use t->uas.request for getting attributes of the
  transaction request when processing the response, which may result in
  pointers to private memory being stored in the shared memory, causing
  crashes when other processes try to use the pointers

src/modules/tm/t_msgbuilder.c

@@ -1776,3 +1776,37 @@ error:
 	return NULL;
 }
 
+/**
+ *
+ */
+void t_uas_request_clean_parsed(tm_cell_t *t)
+{
+	struct hdr_field *hdr;
+	void *mstart;
+	void *mend;
+
+	if (!t || !t->uas.request) {
+		return;
+	}
+
+	mstart = t->uas.request;
+	mend = t->uas.end_request;
+
+	/* free header's parsed structures that were added by failure handlers */
+	for (hdr=t->uas.request->headers; hdr; hdr=hdr->next ) {
+		if (hdr->parsed && hdr_allocs_parse(hdr)
+				&& (hdr->parsed<mstart || hdr->parsed>=mend)) {
+			/* header parsed filed doesn't point inside fake memory
+			 * chunck -> it was added by failure funcs.-> free it as pkg */
+			LM_DBG("removing hdr->parsed %d\n",	hdr->type);
+			clean_hdr_field(hdr);
+			hdr->parsed = 0;
+		}
+	}
+	/* free parsed body added by failure handlers */
+	if (t->uas.request->body) {
+		if(t->uas.request->body->free)
+			t->uas.request->body->free(&t->uas.request->body);
+		t->uas.request->body = 0;
+	}
+}

src/modules/tm/t_msgbuilder.h

@@ -28,7 +28,6 @@
 #include "h_table.h"
 #include "t_reply.h"
 
-
 #define CSEQ "CSeq: "
 #define CSEQ_LEN (sizeof(CSEQ)-1)
 #define TO "To: "
@@ -45,7 +44,6 @@
 #define MAXFWD_HEADER "Max-Forwards: " MAXFWD_VALUE CRLF
 #define MAXFWD_HEADER_LEN (sizeof(MAXFWD_HEADER) - 1)
 
-
 char *build_local(struct cell *Trans, unsigned int branch,
 	unsigned int *len, char *method, int method_len, str *to
 	, struct cancel_reason* reason
@@ -92,4 +90,7 @@ int t_calc_branch(struct cell *t,
 char* print_callid_mini(char* target, str callid);
 char* print_cseq_mini(char* target, str* cseq, str* method);
 
+typedef void (*t_uas_request_clean_parsed_f)(tm_cell_t *t);
+void t_uas_request_clean_parsed(tm_cell_t *t);
+
 #endif

src/modules/tm/tm_load.c

@@ -139,6 +139,7 @@ int load_tm( struct tm_binds *tmb)
 	tmb->t_next_contacts = t_next_contacts;
 	tmb->set_fr = t_set_fr;
 	tmb->t_release_transaction = t_release_transaction;
+	tmb->t_uas_request_clean_parsed = t_uas_request_clean_parsed;
 	return 1;
 }
 

src/modules/tm/tm_load.h

@@ -38,6 +38,7 @@
 #include "t_append_branches.h"
 #include "t_stats.h"
 #include "t_serial.h"
+#include "t_msgbuilder.h"
 
 /* export not usable from scripts */
 #define NO_SCRIPT	-1
@@ -122,6 +123,7 @@ struct tm_binds {
 	cmd_function	t_next_contacts;
 	tset_fr_f set_fr;
 	trelease_t      t_release_transaction;
+	t_uas_request_clean_parsed_f t_uas_request_clean_parsed;
 };
 
 typedef struct tm_binds tm_api_t;