OpenSIPS version you are running
version: opensips 3.6.6 (x86_64/linux)
flags: STATS: On, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, HP_MALLOC, F_PARALLEL_MALLOC, DBG_MALLOC, FAST_LOCK-ADAPTIVE_WAIT
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, MAX_URI_SIZE 1024, BUF_SIZE 65535
poll method support: poll, epoll, sigio_rt, select.
git revision: 26c0c4e33
main.c compiled on 04:03:06 May 21 2026 with cc 8
Describe the bug
A shmem memory leak has been detected. The issue manifests itself when retrying an async request (async(rest_post(...) ). After the first attempt and receiving a 500 response from the HTTP service, a failover occurs and a second async request is made to the backup HTTP server. For the bug to manifest, it is essential that the original SIP message be modified before the async requests are made. If no modifications are made, the issue does not occur.
To Reproduce
To reproduce the issue, you need to send an INVITE call to OpenSIPS. During processing, an async request (async(rest_post(...)) is executed to the HTTP server. This returns a 500 status code, fails, and a second async request is made. The original SIP message must be modified prior to these requests (headers added/removed, field data changed, etc.). Example config code that reproduces the issue:
route {
...
if ($rm=="INVITE") {
append_hf("X-Test: test\r\n");
$du="sip:IP:PORT"; #modify to UAS
$var(i) = 1;
$var(sock) = "127.0.0.1:9997"; #first address of http-serice
route(TEST_RESUME_1);
}
route(TEST_RELAY);
}
route[TEST_RESUME_1] {
async(rest_post($var(sock), $ci, , $avp(rest_rsp), , $avp(rest_result)), TEST_RESUME_2);
}
route[TEST_RESUME_2] {
if ($var(i) < 2) {
$var(i) += 1;
$var(sock) = "127.0.0.1:9998"; #second address of http-serice
route(TEST_RESUME_1);
}
route(TEST_RELAY);
}
route[TEST_RELAY] {
if (!t_relay()) {
sl_reply_error();
}
exit;
}
OS/environment information
- Operating System: CentOS 8
- OpenSIPS installation: rpm packets
- other relevant information:
Additional context
This patch fix this problem:
--- modules/tm/async.c
+++ modules/tm/async.c
@@ -432,7 +432,8 @@
} else {
/* update the cloned UAS (from transaction)
with data from current msg /
- if ((t->uas.request) && (route_type==REQUEST_ROUTE))
+ if ((t->uas.request) && (route_type==REQUEST_ROUTE) &&
+ ((msg->msg_flags & FL_TM_FAKE_REQ) == 0))
update_cloned_msg_from_msg( t->uas.request, msg);
}
OpenSIPS version you are running
Describe the bug
A shmem memory leak has been detected. The issue manifests itself when retrying an async request (async(rest_post(...) ). After the first attempt and receiving a 500 response from the HTTP service, a failover occurs and a second async request is made to the backup HTTP server. For the bug to manifest, it is essential that the original SIP message be modified before the async requests are made. If no modifications are made, the issue does not occur.
To Reproduce
To reproduce the issue, you need to send an INVITE call to OpenSIPS. During processing, an async request (async(rest_post(...)) is executed to the HTTP server. This returns a 500 status code, fails, and a second async request is made. The original SIP message must be modified prior to these requests (headers added/removed, field data changed, etc.). Example config code that reproduces the issue:
OS/environment information
Additional context
This patch fix this problem: