From e453a1e961c5f87ee193e5f9a5f9062438b0b0f3 Mon Sep 17 00:00:00 2001
From: Thomas Bluemel <thomas@reactsoft.com>
Date: Mon, 24 Jan 2005 00:09:04 +0000
Subject: [PATCH] don't copy the entire security descriptor to the stack in
 SeCaptureSecurityDescriptor() when previous mode is kernel mode and capturing
 for kernel mode is undesired

svn path=/trunk/; revision=13237
---
 reactos/ntoskrnl/se/sd.c | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/reactos/ntoskrnl/se/sd.c b/reactos/ntoskrnl/se/sd.c
index a4700154eac..01afd45deff 100644
--- a/reactos/ntoskrnl/se/sd.c
+++ b/reactos/ntoskrnl/se/sd.c
@@ -154,18 +154,22 @@ SeCaptureSecurityDescriptor(
         return Status;
       }
     }
+    else if(!CaptureIfKernel)
+    {
+      if(OriginalSecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION1)
+      {
+        return STATUS_UNKNOWN_REVISION;
+      }
+      
+      *CapturedSecurityDescriptor = OriginalSecurityDescriptor;
+      return STATUS_SUCCESS;
+    }
     else
     {
       /* make a copy on the stack */
       DescriptorCopy = *OriginalSecurityDescriptor;
     }
     
-    if(CurrentMode == KernelMode && !CaptureIfKernel)
-    {
-      *CapturedSecurityDescriptor = OriginalSecurityDescriptor;
-      return STATUS_SUCCESS;
-    }
-    
     if(DescriptorCopy.Revision != SECURITY_DESCRIPTOR_REVISION1)
     {
       return STATUS_UNKNOWN_REVISION;