From owner-freebsd-current  Mon Oct  2 16:57:33 1995
Return-Path: owner-current
Received: (from root@localhost)
          by freefall.freebsd.org (8.6.12/8.6.6) id QAA01386
          for current-outgoing; Mon, 2 Oct 1995 16:57:33 -0700
Received: from phaeton.artisoft.com (phaeton.Artisoft.COM [198.17.250.211])
          by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id QAA01378
          for <current@freebsd.org>; Mon, 2 Oct 1995 16:57:31 -0700
Received: (from terry@localhost) by phaeton.artisoft.com (8.6.11/8.6.9) id QAA22795 for current@freebsd.org; Mon, 2 Oct 1995 16:51:58 -0700
From: Terry Lambert <terry@lambert.org>
Message-Id: <199510022351.QAA22795@phaeton.artisoft.com>
Subject: Another NFS server problem
To: current@freebsd.org
Date: Mon, 2 Oct 1995 16:51:58 -0700 (MST)
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 616       
Sender: owner-current@freebsd.org
Precedence: bulk

Apparently, nfssrv_mkdir doesn't realize that a nfs_namei with nameiop
of CREATE causes the underlying file system to imply a SAVENAME flag
when the terminal compoenent is reached.  Therefore a failed mkdir
will result in a MALLOC of cn_pnbuf in nfs_namei() that is never freed.

The failure mode is triggered for a mkdir of an existing dir by a client,
leaving the path name buffer allocated on the server.

I'm very glad I'm making these side effect semantics more explicit.


					Terry Lambert
					terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.