fixed returning the reference to the token in SeCopyClientToken() and probe pointer when necessary
Modified: trunk/reactos/ntoskrnl/se/token.c

Modified: trunk/reactos/ntoskrnl/se/token.c
--- trunk/reactos/ntoskrnl/se/token.c	2005-02-13 09:56:12 UTC (rev 13523)
+++ trunk/reactos/ntoskrnl/se/token.c	2005-02-13 13:03:44 UTC (rev 13524)
@@ -131,13 +131,32 @@
 		  KPROCESSOR_MODE PreviousMode,
 		  PTOKEN* NewAccessToken)
 {
-  NTSTATUS Status;
   ULONG uLength;
   ULONG i;
-  
   PVOID EndMem;
-
   PTOKEN AccessToken;
+  NTSTATUS Status;
+  
+  if(PreviousMode != KernelMode)
+  {
+    Status = STATUS_SUCCESS;
+    _SEH_TRY
+    {
+      ProbeForWrite(NewAccessToken,
+                    sizeof(TOKEN),
+                    sizeof(ULONG));
+    }
+    _SEH_HANDLE
+    {
+      Status = _SEH_GetExceptionCode();
+    }
+    _SEH_END;
+    
+    if(!NT_SUCCESS(Status))
+    {
+      return Status;
+    }
+  }
 
   Status = ObCreateObject(PreviousMode,
 			  SepTokenObjectType,
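Review bot: The added `ProbeForWrite` call probes `sizeof(TOKEN)` bytes, but `NewAccessToken` is a `PTOKEN*` and the only store made through it later is a single pointer. Probing a whole TOKEN structure can reject a valid pointer-sized buffer whose trailing bytes are not writable, and it misstates what the function actually writes. The length should be `sizeof(PTOKEN)`, as in `ProbeForWrite(NewAccessToken, sizeof(PTOKEN), sizeof(ULONG));`. The function's signature and the rest of its body lie outside this hunk.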
@@ -244,8 +263,17 @@
 
   if ( NT_SUCCESS(Status) )
     {
-      *NewAccessToken = AccessToken;
-      return(STATUS_SUCCESS);
+      _SEH_TRY
+      {
+        *NewAccessToken = AccessToken;
+        Status = STATUS_SUCCESS;
+      }
+      _SEH_HANDLE
+      {
+        Status = _SEH_GetExceptionCode();
+      }
+      _SEH_END;
+      return Status;
     }
 
   ObDereferenceObject(AccessToken);
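Review bot: When the guarded store to `*NewAccessToken` faults, `Status` holds the exception code but the unconditional `return Status;` still leaves the function before `ObDereferenceObject(AccessToken)`, so the newly created token object appears to be leaked on that path. Returning only on success, `if (NT_SUCCESS(Status)) return Status;` after `_SEH_END`, would let the failure case fall through to the dereference below. Separately, if this branch can run with `PreviousMode != KernelMode`, it stores a raw kernel object pointer into caller memory, which is worth confirming as intended. The code after the dereference is outside the hunk, so the final return value on the fall-through path should be checked there.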
@@ -320,7 +348,7 @@
 				TokenImpersonation,
 				Level,
 				PreviousMode,
-			    (PTOKEN*)&NewToken);
+			        (PTOKEN*)NewToken);
    
    return(Status);
 }
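Review bot: The `(PTOKEN*)` cast on the last argument is what allowed the old `&NewToken` to compile silently, and the corrected `(PTOKEN*)NewToken` still hides any mismatch between the declared type of `NewToken` and what the callee expects. If `NewToken` is already a pointer to a token pointer, dropping the cast or passing through a correctly typed local would let the compiler catch this class of mistake. The declaration of `NewToken` is outside the hunk, so its exact type could not be checked here. The new line also mixes tabs and spaces in its indentation, unlike the neighbouring argument lines.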