From d245e7978dc5761ebdf6ec5e8df77182d0aa5f8e Mon Sep 17 00:00:00 2001
From: Rob Shearman <rob@codeweavers.com>
Date: Wed, 30 Apr 2008 22:05:17 +0100
Subject: [PATCH] advapi32: Make sure not to return a credential with a NULL
 UserName field when a Mac Keychain doesn't have an account name attribute.

---
 dlls/advapi32/cred.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/dlls/advapi32/cred.c b/dlls/advapi32/cred.c
index 44de697df2c..50a27c0b341 100644
--- a/dlls/advapi32/cred.c
+++ b/dlls/advapi32/cred.c
@@ -250,6 +250,7 @@ static DWORD mac_read_credential_from_item(SecKeychainItemRef item, BOOL require
     void *cred_blob;
     LPWSTR domain = NULL;
     LPWSTR user = NULL;
+    BOOL user_name_present = FALSE;
     SecKeychainAttributeInfo info;
     SecKeychainAttributeList *attr_list;
     UInt32 info_tags[] = { kSecServerItemAttr, kSecSecurityDomainItemAttr, kSecAccountItemAttr,
@@ -269,6 +270,19 @@ static DWORD mac_read_credential_from_item(SecKeychainItemRef item, BOOL require
         WARN("SecKeychainItemCopyAttributesAndData returned status %ld\n", status);
         return ERROR_NOT_FOUND;
     }
+
+    for (i = 0; i < attr_list->count; i++)
+        if (attr_list->attr[i].tag == kSecAccountItemAttr && attr_list->attr[i].data)
+        {
+            user_name_present = TRUE;
+            break;
+        }
+    if (!user_name_present)
+    {
+        WARN("no kSecAccountItemAttr for item\n");
+        return ERROR_NOT_FOUND;
+    }
+
     if (buffer)
     {
         credential->Flags = 0;