diff --git a/sys/kern/kern_systrace.c b/sys/kern/kern_systrace.c
index 970ba5c11773..dc7773219509 100644
--- a/sys/kern/kern_systrace.c
+++ b/sys/kern/kern_systrace.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: kern_systrace.c,v 1.58 2006/09/02 06:35:49 christos Exp $	*/
+/*	$NetBSD: kern_systrace.c,v 1.59 2006/10/06 16:17:11 christos Exp $	*/
 
 /*
  * Copyright 2002, 2003 Niels Provos <provos@citi.umich.edu>
@@ -31,7 +31,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_systrace.c,v 1.58 2006/09/02 06:35:49 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_systrace.c,v 1.59 2006/10/06 16:17:11 christos Exp $");
 
 #include "opt_systrace.h"
 
@@ -1370,9 +1370,16 @@ systrace_preprepl(struct str_process *strp, struct systrace_replace *repl)
 		return (EINVAL);
 
 	for (i = 0, len = 0; i < repl->strr_nrepl; i++) {
-		len += repl->strr_offlen[i];
+		if (repl->strr_argind[i] < 0 ||
+		    repl->strr_argind[i] >= SYSTR_MAXARGS)
+			return (EINVAL);
 		if (repl->strr_offlen[i] == 0)
 			continue;
+		len += repl->strr_offlen[i];
+		if (repl->strr_offlen[i] > SYSTR_MAXREPLEN ||
+		    repl->strr_off[i] > SYSTR_MAXREPLEN ||
+		    len > SYSTR_MAXREPLEN)
+			return (EINVAL);
 		if (repl->strr_offlen[i] + repl->strr_off[i] > len)
 			return (EINVAL);
 	}
@@ -1382,7 +1389,7 @@ systrace_preprepl(struct str_process *strp, struct systrace_replace *repl)
 		return (EINVAL);
 
 	/* Check against a maximum length */
-	if (repl->strr_len > 2048)
+	if (repl->strr_len > SYSTR_MAXREPLEN)
 		return (EINVAL);
 
 	strp->replace = (struct systrace_replace *)
@@ -1423,6 +1430,10 @@ systrace_replace(struct str_process *strp, size_t argsize, register_t args[])
 	sg = stackgap_init(p->p_emul);
 	ubase = stackgap_alloc(&sg, repl->strr_len);
 #endif
+	if (ubase == NULL) {
+		ret = EINVAL;
+		goto out;
+	}
 
 	kbase = repl->strr_base;
 	for (i = 0; i < maxarg && i < repl->strr_nrepl; i++) {
diff --git a/sys/sys/systrace.h b/sys/sys/systrace.h
index 44de42a1ac5e..6da818773510 100644
--- a/sys/sys/systrace.h
+++ b/sys/sys/systrace.h
@@ -1,4 +1,4 @@
-/*	$NetBSD: systrace.h,v 1.20 2006/07/19 21:11:39 ad Exp $	*/
+/*	$NetBSD: systrace.h,v 1.21 2006/10/06 16:17:11 christos Exp $	*/
 
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
@@ -55,6 +55,7 @@ struct str_msg_execve {
 #define SYSTR_MAX_POLICIES	64
 #define SYSTR_MAXARGS		64
 #define SYSTR_MAXFNAME		8
+#define SYSTR_MAXREPLEN		2048
 
 struct str_msg_ask {
 	int32_t code;