core: parser: path_vector is now copied into shared memory when cloning

	- fixes in place to cater for freeing memory correctly

parser/msg_parser.c

@@ -829,8 +829,13 @@ int set_path_vector(struct sip_msg* msg, str* path)
 
 void reset_path_vector(struct sip_msg* const msg)
 {
-	if(msg->path_vec.s != 0) {
+	/* only free path vector from pkg IFF it is still in pkg... - ie. if msg is shm we don't free... */
+	if (msg->path_vec.s && likely(msg->path_vec.s >= msg->buf && (msg->path_vec.s < (msg->buf + msg->len)))) {
 		pkg_free(msg->path_vec.s);
+	} else {
+		if (msg->path_vec.s)
+			/* don't reset path_vec if it is shm */
+			return;
 	}
 	msg->path_vec.s = 0;
 	msg->path_vec.len = 0;

sip_msg_clone.c

@@ -395,6 +395,8 @@ struct sip_msg*  sip_msg_shm_clone( struct sip_msg *org_msg, int *sip_msg_len,
 	/*the dst uri (if any)*/
 	if (org_msg->dst_uri.s && org_msg->dst_uri.len)
 		len+= ROUND4(org_msg->dst_uri.len);
+	if (org_msg->path_vec.s && org_msg->path_vec.len)
+			len+= ROUND4(org_msg->path_vec.len);
 	/*all the headers*/
 	for( hdr=org_msg->headers ; hdr ; hdr=hdr->next )
 	{
@@ -522,6 +524,7 @@ struct sip_msg*  sip_msg_shm_clone( struct sip_msg *org_msg, int *sip_msg_len,
 	/* zero *uri.s, in case len is 0 but org_msg->*uris!=0 (just to be safe)*/
 	new_msg->new_uri.s = 0;
 	new_msg->dst_uri.s = 0;
+	new_msg->path_vec.s = 0;
 	/* new_uri */
 	if (org_msg->new_uri.s && org_msg->new_uri.len)
 	{
@@ -536,9 +539,13 @@ struct sip_msg*  sip_msg_shm_clone( struct sip_msg *org_msg, int *sip_msg_len,
 		memcpy( p , org_msg->dst_uri.s , org_msg->dst_uri.len);
 		p += ROUND4(org_msg->dst_uri.len);
 	}
-	/* path_vec is not cloned (it's reset instead) */
-	new_msg->path_vec.s=0;
-	new_msg->path_vec.len=0;
+	/* path vector */
+	if (org_msg->path_vec.s && org_msg->path_vec.len) {
+		new_msg->path_vec.s = p;
+		memcpy(p, org_msg->path_vec.s, org_msg->path_vec.len);
+		p += ROUND4(org_msg->path_vec.len);
+	}
+
 	/* instance is not cloned (it's reset instead) */
 	new_msg->instance.s=0;
 	new_msg->instance.len=0;