DragonFlyBSD Kernel Audit
DF-0001 / fix.diff
← back to finding ↓ download raw
diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@@ -4035,7 +4035,8 @@ kern_truncate(struct nlookupdata *nd, off_t length)
 	}
 	if (vfs_quota_enabled) {
 		error = VOP_GETATTR(vp, &vattr);
-		KASSERT(error == 0, ("kern_truncate(): VOP_GETATTR didn't return 0"));
+		if (error)
+			goto done;		/* vput(vp) releases lock + ref */
 		uid = vattr.va_uid;
 		gid = vattr.va_gid;
 		old_size = vattr.va_size;
@@ -4110,7 +4111,10 @@ kern_ftruncate(int fd, off_t length)
 
 	if (vfs_quota_enabled) {
 		error = VOP_GETATTR_FP(vp, &vattr, fp);
-		KASSERT(error == 0, ("kern_ftruncate(): VOP_GETATTR didn't return 0"));
+		if (error) {
+			vn_unlock(vp);
+			goto done;	/* fdrop(fp) at 'done' releases fp */
+		}
 		uid = vattr.va_uid;
 		gid = vattr.va_gid;
 		old_size = vattr.va_size;