From: Jérôme Gardou <jerome.gardou@reactos.org>
Date: Wed, 8 Oct 2014 19:50:14 +0000 (+0000)
Subject: [NTOS/SE]
X-Git-Tag: backups/0.3.17@66124~134
X-Git-Url: https://git.reactos.org/?p=reactos.git;a=commitdiff_plain;h=ebcacdec7a825a397191a5ba20258fec149f5b01

[NTOS/SE]
 - Correctly reference/dereference token object when the set token is already in use.

svn path=/trunk/; revision=64619
---

diff --git a/reactos/ntoskrnl/se/token.c b/reactos/ntoskrnl/se/token.c
index f476cd64e8d..4acfb34b095 100644
--- a/reactos/ntoskrnl/se/token.c
+++ b/reactos/ntoskrnl/se/token.c
@@ -243,19 +243,28 @@ SeExchangePrimaryToken(PEPROCESS Process,
         if (OldToken == NewToken)
         {
             /* So it's a nop. */
-            PsDereferencePrimaryToken(OldToken);
+            *OldTokenP = OldToken;
             return STATUS_SUCCESS;
         }
 
         Status = SepCompareTokens(OldToken, NewToken, &IsEqual);
         if (!NT_SUCCESS(Status))
         {
+            *OldTokenP = NULL;
             PsDereferencePrimaryToken(OldToken);
             return Status;
         }
 
-        PsDereferencePrimaryToken(OldToken);
-        return IsEqual ? STATUS_SUCCESS : STATUS_TOKEN_ALREADY_IN_USE;
+        if (!IsEqual)
+        {
+            *OldTokenP = NULL;
+            PsDereferencePrimaryToken(OldToken);
+            return STATUS_TOKEN_ALREADY_IN_USE;
+        }
+        /* Silently return STATUS_SUCCESS but do not set the new token,
+         * as it's already in use elsewhere. */
+        *OldTokenP = OldToken;
+        return STATUS_SUCCESS;
     }
 
     /* Mark new token in use */