From c17fa2933d49e42d429229cc185e2794ebecc1d9 Mon Sep 17 00:00:00 2001
From: Nanang Izzuddin <nanang@teluu.com>
Date: Tue, 21 Jun 2016 10:19:10 +0000
Subject: Fix #1935: Avoid shallow-cloning header in SIP registration client as
 when sending REGISTER message is done asynchronously via DNS SRV resolution,
 pjsip_regc may get destroyed prematurely and some data allocated by
 pjsip_regc pool (e.g: Contact header) will become invalid too before the
 sending process is completed.

git-svn-id: http://svn.pjsip.org/repos/pjproject/trunk@5352 74dad513-b988-da41-8d7b-12977e46ad98
---
 pjsip/src/pjsip-ua/sip_reg.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/pjsip/src/pjsip-ua/sip_reg.c b/pjsip/src/pjsip-ua/sip_reg.c
index 52a55632..cadb1409 100644
--- a/pjsip/src/pjsip-ua/sip_reg.c
+++ b/pjsip/src/pjsip-ua/sip_reg.c
@@ -521,7 +521,7 @@ static pj_status_t create_request(pjsip_regc *regc,
 	route = regc->route_set.next;
 	while (route != &regc->route_set) {
 	    pjsip_hdr *new_hdr = (pjsip_hdr*)
-				 pjsip_hdr_shallow_clone(tdata->pool, route);
+				 pjsip_hdr_clone(tdata->pool, route);
 	    pj_list_insert_after(route_pos, new_hdr);
 	    route_pos = new_hdr;
 	    route = route->next;
@@ -535,7 +535,7 @@ static pj_status_t create_request(pjsip_regc *regc,
 	hdr = regc->hdr_list.next;
 	while (hdr != &regc->hdr_list) {
 	    pjsip_hdr *new_hdr = (pjsip_hdr*)
-				 pjsip_hdr_shallow_clone(tdata->pool, hdr);
+				 pjsip_hdr_clone(tdata->pool, hdr);
 	    pjsip_msg_add_hdr(tdata->msg, new_hdr);
 	    hdr = hdr->next;
 	}
@@ -574,7 +574,7 @@ PJ_DEF(pj_status_t) pjsip_regc_register(pjsip_regc *regc, pj_bool_t autoreg,
     hdr = regc->contact_hdr_list.next;
     while (hdr != &regc->contact_hdr_list) {
 	pjsip_msg_add_hdr(msg, (pjsip_hdr*)
-			       pjsip_hdr_shallow_clone(tdata->pool, hdr));
+			       pjsip_hdr_clone(tdata->pool, hdr));
 	hdr = hdr->next;
     }
 
@@ -589,8 +589,8 @@ PJ_DEF(pj_status_t) pjsip_regc_register(pjsip_regc *regc, pj_bool_t autoreg,
 
     if (regc->expires_hdr)
 	pjsip_msg_add_hdr(msg, (pjsip_hdr*)
-			       pjsip_hdr_shallow_clone(tdata->pool,
-						       regc->expires_hdr));
+			       pjsip_hdr_clone(tdata->pool,
+					       regc->expires_hdr));
 
     if (regc->timer.id != 0) {
 	pjsip_endpt_cancel_timer(regc->endpt, &regc->timer);
@@ -601,7 +601,7 @@ PJ_DEF(pj_status_t) pjsip_regc_register(pjsip_regc *regc, pj_bool_t autoreg,
     h_allow = pjsip_endpt_get_capability(regc->endpt, PJSIP_H_ALLOW, NULL);
     if (h_allow) {
 	pjsip_msg_add_hdr(msg, (pjsip_hdr*)
-			       pjsip_hdr_shallow_clone(tdata->pool, h_allow));
+			       pjsip_hdr_clone(tdata->pool, h_allow));
 
     }
 
@@ -646,7 +646,7 @@ PJ_DEF(pj_status_t) pjsip_regc_unregister(pjsip_regc *regc,
     hdr = (pjsip_hdr*)regc->contact_hdr_list.next;
     while ((void*)hdr != (void*)&regc->contact_hdr_list) {
 	pjsip_msg_add_hdr(msg, (pjsip_hdr*)
-			       pjsip_hdr_shallow_clone(tdata->pool, hdr));
+			       pjsip_hdr_clone(tdata->pool, hdr));
 	hdr = hdr->next;
     }
 
@@ -1171,7 +1171,7 @@ static void regc_tsx_callback(void *token, pjsip_event *event)
             chdr = regc->contact_hdr_list.next;
             while (chdr != &regc->contact_hdr_list) {
 	        pj_list_insert_before(ins_hdr, (pjsip_hdr*)
-                    pjsip_hdr_shallow_clone(tsx->last_tx->pool, chdr));
+                    pjsip_hdr_clone(tsx->last_tx->pool, chdr));
 	        chdr = chdr->next;
             }
 
-- 
cgit v1.2.3