Subject: kern/8927: nfsrv_symlink looks up the component name with SAVESTART
To: None <gnats-bugs@gnats.netbsd.org>
From: None <wrstuden@nas.nasa.gov>
List: netbsd-bugs
Date: 11/30/1999 17:57:43
>Number:         8927
>Category:       kern
>Synopsis:       nfsrv_symlink looks up the component name with SAVESTART
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    kern-bug-people (Kernel Bug People)
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Tue Nov 30 17:57:00 1999
>Last-Modified:
>Originator:     
>Organization:
NASA/Ames Research Center
	
>Release:        -current source as of today, and 1.4 source.
>Environment:
	
System: NetBSD evermeet 1.4 NetBSD 1.4 (EVERMEET) #17: Thu Oct 14 15:55:33 PDT 1999 wrstuden@evermeet:/usr/src/sys/arch/i386/compile/EVERMEET i386


>Description:

For some reason, this routine (which handles requests to generate
symbolic links) performs a name lookup with the SAVESTART flag set
in the component name field.

One effect of this flag is that a reference to the parent directory
of the found node (or the directory the file is to be created in)
is stored in the ni_startdir field of the namei struct. But this reference
is never used, except in places where it is vrele'd.

I'm not sure if every error case will release this reference, which is why
it might be serious - we could leak vnode references.
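To make the leak the PR is worried about concrete, here is an added toy model (not NetBSD code, and not the real namei/nfsrv_symlink): a vnode with a use count, a lookup that takes one extra reference on the start directory only when a SAVESTART-like flag is set, and two hypothetical handlers, one that keeps the flag and forgets the extra vrele on an early error return, and one that drops the flag so there is nothing extra to release. The names toy_namei, symlink_leaky, symlink_fixed and leaked_refs are this example's own.

```c
#include <stdio.h>

/* Toy vnode: only the reference count matters for this demonstration. */
struct vnode {
    const char *name;
    int usecount;
};

/* Minimal stand-in for the namei struct; not the real kernel layout. */
struct nameidata {
    int save_start;            /* models the SAVESTART flag */
    struct vnode *ni_dvp;      /* parent directory of the target (always referenced) */
    struct vnode *ni_startdir; /* extra reference, held only when save_start is set */
};

static void vref(struct vnode *vp)  { vp->usecount++; }
static void vrele(struct vnode *vp) { vp->usecount--; }

/* Models namei(): one reference for ni_dvp, and a second one for
 * ni_startdir when the caller asked for SAVESTART. */
static int toy_namei(struct nameidata *ndp, struct vnode *dir)
{
    vref(dir);
    ndp->ni_dvp = dir;
    if (ndp->save_start) {
        vref(dir);
        ndp->ni_startdir = dir;
    } else {
        ndp->ni_startdir = NULL;
    }
    return 0;
}

/* Hypothetical handler that looks up with SAVESTART. fail_early simulates
 * an error path that returns before ni_startdir is released. */
static int symlink_leaky(struct vnode *dir, int fail_early)
{
    struct nameidata nd = { 1, NULL, NULL };
    toy_namei(&nd, dir);
    if (fail_early) {
        vrele(nd.ni_dvp);
        return -1;             /* ni_startdir reference is never dropped */
    }
    vrele(nd.ni_startdir);     /* the only use of ni_startdir is releasing it */
    vrele(nd.ni_dvp);
    return 0;
}

/* Same handler with SAVESTART removed: every path has exactly one
 * reference to account for, so the error path cannot leak. */
static int symlink_fixed(struct vnode *dir, int fail_early)
{
    struct nameidata nd = { 0, NULL, NULL };
    toy_namei(&nd, dir);
    if (fail_early) {
        vrele(nd.ni_dvp);
        return -1;
    }
    vrele(nd.ni_dvp);
    return 0;
}

/* Drive a handler through the success and the error path and report how
 * many references remain beyond the caller's own. A nonzero result means
 * the vnode can never be reclaimed: a resource leak a remote client could
 * trigger repeatedly. */
static int leaked_refs(int (*handler)(struct vnode *, int))
{
    struct vnode dir = { "dir", 1 };   /* constructed: caller holds one ref */
    handler(&dir, 0);
    handler(&dir, 1);
    return dir.usecount - 1;
}

int main(void)
{
    printf("with SAVESTART, leaked references: %d\n", leaked_refs(symlink_leaky));
    printf("without SAVESTART, leaked references: %d\n", leaked_refs(symlink_fixed));
    return 0;
}
```

The audit the PR asks for is exactly the check leaked_refs performs: walk every return path of the handler and confirm that each reference namei handed back is released on that path. Dropping the flag shrinks the number of references each path must balance, which is why it is the safer first step.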

>How-To-Repeat:
Look at the code.
>Fix:
I'm not 100% sure, which is why I'm filing a PR. Obviously removing the 
SAVESTART flag and the vrele's is a start. I'm not sure if this
routine is relying on some consequence of the savestart, though.
>Audit-Trail:
>Unformatted: