Index: sys/i386/isa/spigot.c =================================================================== RCS file: /home/ncvs/src/sys/i386/isa/spigot.c,v retrieving revision 1.55 diff -c -r1.55 spigot.c *** sys/i386/isa/spigot.c 1 Apr 2002 21:30:42 -0000 1.55 --- sys/i386/isa/spigot.c 10 Aug 2003 23:16:30 -0000 *************** *** 227,232 **** --- 227,234 ---- if(!data) return(EINVAL); switch(cmd){ case SPIGOT_SETINT: + if (*(int *)data < 0 || *(int *)data > _SIG_MAXSIG) + return EINVAL; ss->p = td->td_proc; ss->signal_num = *((int *)data); break; Index: sys/kern/kern_sig.c =================================================================== RCS file: /home/ncvs/src/sys/kern/kern_sig.c,v retrieving revision 1.197 diff -c -r1.197 kern_sig.c *** sys/kern/kern_sig.c 25 Oct 2002 19:10:57 -0000 1.197 --- sys/kern/kern_sig.c 10 Aug 2003 23:16:32 -0000 *************** *** 1343,1351 **** struct thread *td; register int prop; ! ! KASSERT(_SIG_VALID(sig), ! ("psignal(): invalid signal %d\n", sig)); PROC_LOCK_ASSERT(p, MA_OWNED); KNOTE(&p->p_klist, NOTE_SIGNAL | sig); --- 1343,1350 ---- struct thread *td; register int prop; ! if (!_SIG_VALID(sig)) ! panic("psignal(): invalid signal"); PROC_LOCK_ASSERT(p, MA_OWNED); KNOTE(&p->p_klist, NOTE_SIGNAL | sig); Index: sys/kern/sys_process.c =================================================================== RCS file: /home/ncvs/src/sys/kern/sys_process.c,v retrieving revision 1.104 diff -c -r1.104 sys_process.c *** sys/kern/sys_process.c 16 Oct 2002 16:28:33 -0000 1.104 --- sys/kern/sys_process.c 10 Aug 2003 23:16:32 -0000 *************** *** 547,554 **** case PT_STEP: case PT_CONTINUE: case PT_DETACH: ! /* XXX data is used even in the PT_STEP case. */ ! if (req != PT_STEP && (unsigned)data > _SIG_MAXSIG) { error = EINVAL; goto fail; } --- 547,554 ---- case PT_STEP: case PT_CONTINUE: case PT_DETACH: ! /* Zero means do not send any signal */ ! if (data < 0 || data > _SIG_MAXSIG) { error = EINVAL; goto fail; }