From 3a25c0b28f9bffc5e6942a7a3f5484ef903e28f6 Mon Sep 17 00:00:00 2001
From: Liviu Chircu <liviu@opensips.org>
Date: Wed, 11 Nov 2020 12:37:18 +0200
Subject: [PATCH] tm: Fix transaction leakage with global onreply_route

Given that the opensips.cfg execution order for replies is:
    1) onreply_route (global)
    2) reply_received(), i.e. "tm" module scope
      2.1) onreply_route (branch)
      2.2) onreply_route (transaction)

... this patch fixes some transaction leaks where if the script developer
matches the current transaction within global onreply_route, e.g. with a
random statement such as xlog("$T_reply_code\n"), it would cause an
extra ref after a transaction matching operation would be performed yet
again (??) within reply_received(), as the "tm" scope begins executing.

The fix is to simply avoid transaction lookups when evaluating tm
variables within the non-transactional, global SIP reply route.

Credits to Bogdan-Andrei Iancu for suggesting this solution
---
 modules/tm/tm.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/modules/tm/tm.c b/modules/tm/tm.c
index 28f37c16971..93ad8458616 100644
--- a/modules/tm/tm.c
+++ b/modules/tm/tm.c
@@ -1584,8 +1584,7 @@ static int pv_get_tm_reply_code(struct sip_msg *msg, pv_param_t *param,
 		return -1;
 
 	/* first get the transaction */
-	if (t_check( msg , 0 )==-1) return -1;
-	if ( (t=get_t())==0) {
+	if (!(t = get_t()) || t == T_UNDEFINED) {
 		/* no T */
 		code = 0;
 	} else {
@@ -1632,8 +1631,7 @@ static int pv_get_tm_ruri(struct sip_msg *msg, pv_param_t *param,
 		return -1;
 
 	/* first get the transaction */
-	if (t_check( msg , 0 )==-1) return -1;
-	if ( (t=get_t())==0) {
+	if (!(t = get_t()) || t == T_UNDEFINED) {
 		/* no T */
 		if (msg!=NULL&&msg!=FAKED_REPLY && msg->first_line.type==SIP_REQUEST){
 			res->rs = *GET_RURI(msg);