[ros-diffs] [jgardou] 64619: [NTOS/SE] - Correctly reference/dereference token object when the set token is already in use.

Wed, 08 Oct 2014 12:51:25 -0700 

Author: jgardou
Date: Wed Oct  8 19:50:14 2014
New Revision: 64619

URL: http://svn.reactos.org/svn/reactos?rev=64619&view=rev
Log:
[NTOS/SE]
 - Correctly reference/dereference token object when the set token is already 
in use.

Modified:
    trunk/reactos/ntoskrnl/se/token.c

Modified: trunk/reactos/ntoskrnl/se/token.c
URL: 
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/se/token.c?rev=64619&r1=64618&r2=64619&view=diff
==============================================================================
--- trunk/reactos/ntoskrnl/se/token.c   [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/se/token.c   [iso-8859-1] Wed Oct  8 19:50:14 2014
@@ -243,19 +243,28 @@
         if (OldToken == NewToken)
         {
             /* So it's a nop. */
-            PsDereferencePrimaryToken(OldToken);
+            *OldTokenP = OldToken;
             return STATUS_SUCCESS;
         }
 
         Status = SepCompareTokens(OldToken, NewToken, &IsEqual);
         if (!NT_SUCCESS(Status))
         {
+            *OldTokenP = NULL;
             PsDereferencePrimaryToken(OldToken);
             return Status;
         }
 
-        PsDereferencePrimaryToken(OldToken);
-        return IsEqual ? STATUS_SUCCESS : STATUS_TOKEN_ALREADY_IN_USE;
+        if (!IsEqual)
+        {
+            *OldTokenP = NULL;
+            PsDereferencePrimaryToken(OldToken);
+            return STATUS_TOKEN_ALREADY_IN_USE;
+        }
+        /* Silently return STATUS_SUCCESS but do not set the new token,
+         * as it's already in use elsewhere. */
+        *OldTokenP = OldToken;
+        return STATUS_SUCCESS;
     }
 
     /* Mark new token in use */

Reply via email to