From f792bc36a02430e32131864761531e7f1cd8a6fb Mon Sep 17 00:00:00 2001
From: Aleksey Bragin
Date: Sun, 6 Aug 2006 22:02:02 +0000
Subject: [PATCH] Relax restriction on the segment in NtSetLdtEntries(). Look into diff for details. Thanks to Myria for providing information. There were no reasons found which can proof that this change could lead to security issues. svn path=/trunk/; revision=23509
---
 reactos/ntoskrnl/ke/i386/ldt.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/reactos/ntoskrnl/ke/i386/ldt.c b/reactos/ntoskrnl/ke/i386/ldt.c
index c138c65a861..e364b68aafb 100644
--- a/reactos/ntoskrnl/ke/i386/ldt.c
+++ b/reactos/ntoskrnl/ke/i386/ldt.c
@@ -58,8 +58,20 @@ BOOL PspIsDescriptorValid(PLDT_ENTRY ldt_entry)
 SegLimit=(SegLimit << 12) | 0xfff;
 }
- return ((Base + SegLimit > (ULONG) MmHighestUserAddress) ||
- (Base > Base+SegLimit) ? FALSE : TRUE);
+ if ((Base + SegLimit > (ULONG_PTR) MmHighestUserAddress) ||
+ (Base > Base+SegLimit))
+ {
+ DPRINT1("WARNING: Windows would mark this descriptor invalid!");
+ }
+
+ /*
+ Certain "DOS32" programs expect to be able to create DPMI selectors
+ that wrap the address space. Windows NT does not allow user-created
+ selectors to reach into kernel memory. However, there is no security
+ risk in allowing it; the page table will prevent access anyway.
+ */
+ return (/*(Base + SegLimit > (ULONG_PTR) MmHighestUserAddress) ||
+ (Base > Base+SegLimit) ? FALSE : TRUE*/ TRUE);
 }
 NTSTATUS STDCALL
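Review bot: The final `return` now accepts any base/limit pair, so a user-created LDT descriptor may span kernel addresses or wrap the address space, and the comment's "no security risk" claim rests entirely on page-level protection. That holds only if no kernel path trusts a user-loaded selector's range or performs segment-relative accesses on the caller's behalf, and the comment should state that assumption explicitly rather than assert safety. PspIsDescriptorValid begins above the hunk, so whether privilege-level and type checks still run before this point cannot be confirmed from here. The dead expression left inside the return is easy to misread as live code, so plain `return TRUE;` would be clearer, with the old check described in the comment. The new debug message can be triggered by any caller and lacks a line terminator, so consider `DPRINT1("WARNING: Windows would mark this descriptor invalid!\n");`.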