Memory leak in ub_ctx (event_base will never be freed)

[WolverinDEV]

Hey,
the API method ub_ctx_create_event combined with ub_ctx_delete leaks some memory (24 bytes).
This is because a new event_base will be allocated via ub_libevent_event_base, but never deallocated. Even if we call ub_ctx_delete.

[wcawijngaards]

Thanks for the heads up! Added a check that when the event base is set via this method it frees the struct that is alloced.

[fobser]

This is only true for ub_libevent_event_base in util/ub_event_pluggable.c.
The one in util/ub_event.c does not allocate memory but uses the passed in event_base.
So now I'm facing a use-after-free and most of the time event_dispatch() just returns.

[WolverinDEV]

Well this is really an major issue. It has been implemented falsely.
Lookup this part of code:

unbound/libunbound/libunbound.c

Lines 220 to 225 in 1d45b4a

	ctx->event_base = ub_libevent_event_base(eb);
	if (!ctx->event_base) {
	ub_ctx_delete(ctx);
	return NULL;
	}
	ctx->event_base_malloced = 1;

I'll create a PR in a few min which will fix this flaw

[ralphdolmans]

Hi Florian,

As far as I can tell libunbound always uses ub_event_pluggable.c, in which case this should not be an issue. That is assuming you build Unbound with the shipped Makefile. I see in the OpenBSD code that you are using your own Makefile which uses the ub_event.c, is that intentional?

[fobser]

Edit: nevermind
I'm not sure, however, this is the knob in configure if I'm not mistaken:
--enable-event-api Enable (experimental) pluggable event base
libunbound API installed to unbound-event.h
It says experimental...

[fobser]

unwind(8), which is the only consumer of libunbound in OpenBSD base, uses libevent so it felt natural to also stick to that.
I could investigate to switch to the plugable version if that's better / supported.

[fobser]

I switched unwind over to ub_event_pluggable,c and it seems to be working.
Needs a whee bit more testing though.
In any case, I don't have a strong opinion in which direction this should go.
I'd suggest to delete ub_event.c though if that's deprecated / should not be used.

[ralphdolmans]

I'm not sure, however, this is the knob in configure if I'm not mistaken:
--enable-event-api Enable (experimental) pluggable event base

I understand the confusion. I think we should remove the experimental part, especially since it is there already for 6 years. Note that the flag does not enable or disable the pluggable event base, it is about installing the header file. The ub_event_pluggable.c is always used for libunbound.

I'd suggest to delete ub_event.c though if that's deprecated / should not be used.

It is actually used when using Unbound in daemon mode, but not when using libunbound.

I switched unwind over to ub_event_pluggable,c and it seems to be working.

Yes, I think this is the right approach.