res_pjsip_outbound_authenticator_digest.c: Fix memory pool leak.

Responding to authentication challenges leaks PJSIP memory pools.

The leak was introduced with a pjproject 2.5.5 API change.
https://trac.pjsip.org/repos/ticket/1929 changed the API usage of
pjsip_auth_clt_init() to require the new API pjsip_auth_clt_deinit() to
clean up cached authentication allocations that get allocated with
pjsip_auth_clt_reinit_req().

ASTERISK-26516 #close

Change-Id: I4473141b8c3961d0dc91c382beb3876b3efb45c8

1 files changed, 11 insertions, 2 deletions

diff --git a/res/res_pjsip_outbound_authenticator_digest.c b/res/res_pjsip_outbound_authenticator_digest.c
index 86a15c7b7..ce77c3bad 100644
--- a/res/res_pjsip_outbound_authenticator_digest.c
+++ b/res/res_pjsip_outbound_authenticator_digest.c
@@ -106,6 +106,7 @@ static int digest_create_request_with_auth(const struct ast_sip_auth_vector *aut
 {
 	pjsip_auth_clt_sess auth_sess;
 	pjsip_cseq_hdr *cseq;
+	pj_status_t status;
 
 	if (pjsip_auth_clt_init(&auth_sess, ast_sip_get_pjsip_endpoint(),
 				old_request->pool, 0) != PJ_SUCCESS) {
@@ -115,11 +116,19 @@ static int digest_create_request_with_auth(const struct ast_sip_auth_vector *aut
 
 	if (set_outbound_authentication_credentials(&auth_sess, auths, challenge)) {
 		ast_log(LOG_WARNING, "Failed to set authentication credentials\n");
+#if defined(HAVE_PJSIP_AUTH_CLT_DEINIT)
+		/* In case it is not a noop here in the future. */
+		pjsip_auth_clt_deinit(&auth_sess);
+#endif
 		return -1;
 	}
 
-	switch (pjsip_auth_clt_reinit_req(&auth_sess, challenge,
-				old_request, new_request)) {
+	status = pjsip_auth_clt_reinit_req(&auth_sess, challenge, old_request, new_request);
+#if defined(HAVE_PJSIP_AUTH_CLT_DEINIT)
+	/* Release any cached auths */
+	pjsip_auth_clt_deinit(&auth_sess);
+#endif
+	switch (status) {
 	case PJ_SUCCESS:
 		/* PJSIP creates a new transaction for new_request (meaning it creates a new
 		 * branch). However, it recycles the Call-ID, from-tag, and CSeq from the