Index: sys/i386/isa/spigot.c
===================================================================
RCS file: /home/ncvs/src/sys/i386/isa/spigot.c,v
retrieving revision 1.59
diff -c -p -r1.59 spigot.c
*** sys/i386/isa/spigot.c	2 Jun 2003 16:32:55 -0000	1.59
--- sys/i386/isa/spigot.c	5 Aug 2003 23:46:41 -0000
*************** struct	spigot_info	*info;
*** 222,227 ****
--- 222,229 ----
  	if(!data) return(EINVAL);
  	switch(cmd){
  	case	SPIGOT_SETINT:
+ 		if (*(int *)data < 0 || *(int *)data > _SIG_MAXSIG)
+ 			return EINVAL;
  		ss->p = td->td_proc;
  		ss->signal_num = *((int *)data);
  		break;
Index: sys/kern/kern_sig.c
===================================================================
RCS file: /home/ncvs/src/sys/kern/kern_sig.c,v
retrieving revision 1.256
diff -c -p -r1.256 kern_sig.c
*** sys/kern/kern_sig.c	30 Jul 2003 23:11:37 -0000	1.256
--- sys/kern/kern_sig.c	5 Aug 2003 22:43:07 -0000
*************** psignal(struct proc *p, int sig)
*** 1629,1634 ****
--- 1629,1637 ----
  	struct thread *td;
  	int prop;
  
+ 	if (!_SIG_VALID(sig))
+ 		panic("psignal(): invalid signal");
+ 
  	PROC_LOCK_ASSERT(p, MA_OWNED);
  	prop = sigprop(sig);
  
*************** do_tdsignal(struct thread *td, int sig, 
*** 1673,1680 ****
  	register int prop;
  	struct sigacts *ps;
  
! 	KASSERT(_SIG_VALID(sig),
! 	    ("tdsignal(): invalid signal %d\n", sig));
  
  	p = td->td_proc;
  	ps = p->p_sigacts;
--- 1676,1683 ----
  	register int prop;
  	struct sigacts *ps;
  
! 	if (!_SIG_VALID(sig))
! 		panic("do_tdsignal(): invalid signal");
  
  	p = td->td_proc;
  	ps = p->p_sigacts;
Index: sys/kern/sys_process.c
===================================================================
RCS file: /home/ncvs/src/sys/kern/sys_process.c,v
retrieving revision 1.111
diff -c -p -r1.111 sys_process.c
*** sys/kern/sys_process.c	2 Aug 2003 17:08:21 -0000	1.111
--- sys/kern/sys_process.c	5 Aug 2003 22:56:41 -0000
*************** kern_ptrace(struct thread *td, int req, 
*** 550,557 ****
  	case PT_STEP:
  	case PT_CONTINUE:
  	case PT_DETACH:
! 		/* XXX data is used even in the PT_STEP case. */
! 		if (req != PT_STEP && (unsigned)data > _SIG_MAXSIG) {
  			error = EINVAL;
  			goto fail;
  		}
--- 550,557 ----
  	case PT_STEP:
  	case PT_CONTINUE:
  	case PT_DETACH:
! 		/* Zero means do not send any signal */
! 		if (data < 0 || data > _SIG_MAXSIG) {
  			error = EINVAL;
  			goto fail;
  		}