From 35c41deb41c1a681b5b612e14868f37d9f68f32b Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@courtesan.com>
Date: Thu, 13 Mar 2014 08:21:04 -0600
Subject: [PATCH] Fix "sudo -l command" output when the matching command is
 negated. Bug #636

---
 plugins/sudoers/parse.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/plugins/sudoers/parse.c b/plugins/sudoers/parse.c
index a5e42147f..4fab89c6b 100644
--- a/plugins/sudoers/parse.c
+++ b/plugins/sudoers/parse.c
@@ -697,7 +697,8 @@ sudo_file_display_cmnd(struct sudo_nss *nss, struct passwd *pw)
 		if (runas_match == ALLOW) {
 		    cmnd_match = cmnd_matches(cs->cmnd);
 		    if (cmnd_match != UNSPEC) {
-			match = host_match && runas_match ? cs->cmnd : NULL;
+			if (cmnd_match == ALLOW)
+			    match = cs->cmnd;
 			goto matched;
 		    }
 		}