Index: sys/i386/isa/spigot.c
===================================================================
RCS file: /home/ncvs/src/sys/i386/isa/spigot.c,v
retrieving revision 1.44
diff -c -p -r1.44 spigot.c
*** sys/i386/isa/spigot.c	29 Jan 2000 16:17:36 -0000	1.44
--- sys/i386/isa/spigot.c	6 Aug 2003 21:23:07 -0000
*************** struct	spigot_info	*info;
*** 221,226 ****
--- 221,228 ----
  	if(!data) return(EINVAL);
  	switch(cmd){
  	case	SPIGOT_SETINT:
+ 		if (*(int *)data < 0 || *(int *)data > _SIG_MAXSIG)
+ 			return (EINVAL);
  		ss->p = p;
  		ss->signal_num = *((int *)data);
  		break;
Index: sys/kern/sys_process.c
===================================================================
RCS file: /home/ncvs/src/sys/kern/sys_process.c,v
retrieving revision 1.51.2.6
diff -c -p -r1.51.2.6 sys_process.c
*** sys/kern/sys_process.c	8 Jan 2003 03:06:45 -0000	1.51.2.6
--- sys/kern/sys_process.c	6 Aug 2003 23:16:32 -0000
*************** kern_ptrace(struct proc *curp, int req, 
*** 404,410 ****
  	case PT_STEP:
  	case PT_CONTINUE:
  	case PT_DETACH:
! 		if ((req != PT_STEP) && ((unsigned)data > _SIG_MAXSIG))
  			return EINVAL;
  
  		PHOLD(p);
--- 404,411 ----
  	case PT_STEP:
  	case PT_CONTINUE:
  	case PT_DETACH:
! 		/* Zero means do not send any signal */
! 		if (data < 0 || data > _SIG_MAXSIG)
  			return EINVAL;
  
  		PHOLD(p);