From owner-freebsd-current  Tue Oct  3 08:51:50 1995
Return-Path: owner-current
Received: (from root@localhost)
          by freefall.freebsd.org (8.6.12/8.6.6) id IAA07305
          for current-outgoing; Tue, 3 Oct 1995 08:51:50 -0700
Received: from godzilla.zeta.org.au (godzilla.zeta.org.au [203.2.228.34])
          by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id IAA07299
          for <current@freebsd.org>; Tue, 3 Oct 1995 08:51:42 -0700
Received: (from bde@localhost) by godzilla.zeta.org.au (8.6.9/8.6.9) id BAA22650; Wed, 4 Oct 1995 01:49:51 +1000
Date: Wed, 4 Oct 1995 01:49:51 +1000
From: Bruce Evans <bde@zeta.org.au>
Message-Id: <199510031549.BAA22650@godzilla.zeta.org.au>
To: current@freebsd.org, terry@lambert.org
Subject: Re: Another NFS server problem
Sender: owner-current@freebsd.org
Precedence: bulk

>Apparently, nfssrv_mkdir doesn't realize that a nfs_namei with nameiop
>of CREATE causes the underlying file system to imply a SAVENAME flag
>when the terminal compoenent is reached.  Therefore a failed mkdir
>will result in a MALLOC of cn_pnbuf in nfs_namei() that is never freed.

>The failure mode is triggered for a mkdir of an existing dir by a client,
>leaving the path name buffer allocated on the server.

nfssrv_mkdir doesn't seem to be reached in that case.

Bruce