Index: pci_user.c
===================================================================
RCS file: /home/ncvs/src/sys/dev/pci/pci_user.c,v
retrieving revision 1.9
diff -u -r1.9 pci_user.c
--- pci_user.c	2003/03/03 12:15:44	1.9
+++ pci_user.c	2003/06/16 19:44:39
@@ -176,7 +176,7 @@
 	const char *name;
 	int error;
 
-	if (!(flag & FWRITE))
+	if (!(flag & FWRITE) && cmd != PCIOCGETCONF)
 		return EPERM;
 
 
@@ -342,7 +342,7 @@
 		for (cio->num_matches = 0, error = 0, i = 0,
 		     dinfo = STAILQ_FIRST(devlist_head);
 		     (dinfo != NULL) && (cio->num_matches < ionum)
-		     && (error == 0) && (i < pci_numdevs);
+		     && (error == 0) && (i < pci_numdevs) && (dinfo != NULL);
 		     dinfo = STAILQ_NEXT(dinfo, pci_links), i++) {
 
 			if (i < cio->offset)
@@ -412,7 +412,10 @@
 		}
 	case PCIOCREAD:
 		io = (struct pci_io *)data;
-		switch(io->pi_width) {
+		if (io->pi_reg < 0 || io->pi_reg + io_pi_width > PCI_REGMAX ||
+		    io->pi_reg & (io->pi_width - 1))
+			error = EINVAL;
+		else switch(io->pi_width) {
 		case 4:
 		case 2:
 		case 1:
@@ -439,7 +442,7 @@
 			}
 			break;
 		default:
-			error = ENODEV;
+			error = EINVAL;
 			break;
 		}
 		break;