Index: sys/kern/vfs_export.c
===================================================================
--- sys/kern/vfs_export.c
+++ sys/kern/vfs_export.c
@@ -112,6 +112,11 @@
 #endif
 	int error;
 
+	KASSERT(argp->ex_numsecflavors > 0,
+	    ("%s: numsecflavors <= 0", __func__));
+	KASSERT(argp->ex_numsecflavors < MAXSECFLAVORS,
+	    ("%s: numsecflavors >= MAXSECFLAVORS", __func__));
+
 	/*
 	 * XXX: This routine converts from a `struct xucred'
 	 * (argp->ex_anon) to a `struct ucred' (np->netc_anon).  This
@@ -300,7 +305,7 @@
 	struct netexport *nep;
 	int error;
 
-	if (argp->ex_numsecflavors < 0
+	if (argp->ex_numsecflavors <= 0
 	    || argp->ex_numsecflavors >= MAXSECFLAVORS)
 		return (EINVAL);
 
@@ -518,8 +523,13 @@
 	*extflagsp = np->netc_exflags;
 	if ((*credanonp = np->netc_anon) != NULL)
 		crhold(*credanonp);
-	if (numsecflavors)
+	if (numsecflavors) {
 		*numsecflavors = np->netc_numsecflavors;
+		KASSERT(*numsecflavors > 0,
+		    ("%s: numsecflavors <= 0", __func__));
+		KASSERT(*numsecflavors < MAXSECFLAVORS,
+		    ("%s: numsecflavors >= MAXSECFLAVORS", __func__));
+	}
 	if (secflavors)
 		*secflavors = np->netc_secflavors;
 	lockmgr(&mp->mnt_explock, LK_RELEASE, NULL);