diff --git a/MANIFEST b/MANIFEST
index f3993d9bb..acd0120ca 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -668,6 +668,7 @@ plugins/sudoers/regress/cvtsudoers/test8.sh
 plugins/sudoers/regress/cvtsudoers/test9.out.ok
 plugins/sudoers/regress/cvtsudoers/test9.sh
 plugins/sudoers/regress/env_match/check_env_pattern.c
+plugins/sudoers/regress/env_match/check_exptilde.c
 plugins/sudoers/regress/env_match/data
 plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c
 plugins/sudoers/regress/logging/check_wrap.c
diff --git a/lib/util/Makefile.in b/lib/util/Makefile.in
index 6988f1847..7b7358a84 100644
--- a/lib/util/Makefile.in
+++ b/lib/util/Makefile.in
@@ -1047,9 +1047,13 @@ sha2.i: $(srcdir)/sha2.c $(incdir)/compat/endian.h $(incdir)/compat/sha2.h \
 $(CC) -E -o $@ $(CPPFLAGS) $<
 sha2.plog: sha2.i
 rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/sha2.c --i-file $< --output-file $@
-sig2str.lo: $(srcdir)/sig2str.c $(incdir)/sudo_compat.h $(top_builddir)/config.h
+sig2str.lo: $(srcdir)/sig2str.c $(incdir)/compat/stdbool.h \
+ $(incdir)/sudo_compat.h $(incdir)/sudo_util.h \
+ $(top_builddir)/config.h
 $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/sig2str.c
-sig2str.i: $(srcdir)/sig2str.c $(incdir)/sudo_compat.h $(top_builddir)/config.h
+sig2str.i: $(srcdir)/sig2str.c $(incdir)/compat/stdbool.h \
+ $(incdir)/sudo_compat.h $(incdir)/sudo_util.h \
+ $(top_builddir)/config.h
 $(CC) -E -o $@ $(CPPFLAGS) $<
 sig2str.plog: sig2str.i
 rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/sig2str.c --i-file $< --output-file $@
diff --git a/plugins/sudoers/Makefile.in b/plugins/sudoers/Makefile.in
index 3f6944121..e312695f6 100644
--- a/plugins/sudoers/Makefile.in
+++ b/plugins/sudoers/Makefile.in
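Review bot: The MANIFEST entry added in the first hunk, `plugins/sudoers/regress/env_match/check_exptilde.c`, does not match where this commit creates the file. The new-file header and the `check_exptilde.o` rule in plugins/sudoers/Makefile.in both use `regress/exptilde/check_exptilde.c`. If MANIFEST decides what goes into the release tarball (presumably it does, confirm), the new regression test would be missing from distributions and `make check` could not build check_exptilde there. The line should read `plugins/sudoers/regress/exptilde/check_exptilde.c`, placed after `plugins/sudoers/regress/env_match/data`.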
@@ -152,9 +152,9 @@ SHELL = @SHELL@ PROGS = sudoers.la visudo sudoreplay cvtsudoers testsudoers -TEST_PROGS = check_addr check_base64 check_digest check_env_pattern check_fill \ - check_gentime check_hexchar check_iolog_plugin check_wrap \ - check_starttime @SUDOERS_TEST_PROGS@ +TEST_PROGS = check_addr check_base64 check_digest check_env_pattern \ + check_exptilde check_fill check_gentime check_hexchar \ + check_iolog_plugin check_wrap check_starttime @SUDOERS_TEST_PROGS@ AUTH_OBJS = sudo_auth.lo @AUTH_OBJS@ @@ -212,6 +212,8 @@ CHECK_DIGEST_OBJS = check_digest.o filedigest.lo digestname.lo sudoers_debug.lo CHECK_ENV_MATCH_OBJS = check_env_pattern.o env_pattern.lo sudoers_debug.lo +CHECK_EXPTILDE_OBJS = check_exptilde.o exptilde.lo pwutil.lo pwutil_impl.lo redblack.lo sudoers_debug.lo + CHECK_FILL_OBJS = check_fill.o hexchar.lo toke_util.lo sudoers_debug.lo CHECK_GENTIME_OBJS = check_gentime.o gentime.lo gmtoff.lo sudoers_debug.lo @@ -306,6 +308,9 @@ check_digest: $(CHECK_DIGEST_OBJS) $(LIBUTIL) check_env_pattern: $(CHECK_ENV_MATCH_OBJS) $(LIBUTIL) $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(CHECK_ENV_MATCH_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) +check_exptilde: $(CHECK_EXPTILDE_OBJS) $(LIBUTIL) + $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(CHECK_EXPTILDE_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) + check_fill: $(CHECK_FILL_OBJS) $(LIBUTIL) $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(CHECK_FILL_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) 
@@ -464,6 +469,7 @@ check: $(TEST_PROGS) visudo testsudoers cvtsudoers
 diff regress/parser/check_digest.out $(srcdir)/regress/parser/check_digest.out.ok || rval=`expr $$rval + $$?`; \
 fi; \
 ./check_env_pattern $(srcdir)/regress/env_match/data || rval=`expr $$rval + $$?`; \
+ ./check_exptilde || rval=`expr $$rval + $$?`; \
 ./check_fill || rval=`expr $$rval + $$?`; \
 ./check_gentime || rval=`expr $$rval + $$?`; \
 ./check_hexchar || rval=`expr $$rval + $$?`; \
@@ -893,6 +899,30 @@ check_env_pattern.i: $(srcdir)/regress/env_match/check_env_pattern.c \
 $(CC) -E -o $@ $(CPPFLAGS) $<
 check_env_pattern.plog: check_env_pattern.i
 rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/env_match/check_env_pattern.c --i-file $< --output-file $@
+check_exptilde.o: $(srcdir)/regress/exptilde/check_exptilde.c \
+ $(devdir)/def_data.h $(incdir)/compat/stdbool.h \
+ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
+ $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
+ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
+ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
+ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \
+ $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \
+ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \
+ $(top_builddir)/pathnames.h
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/regress/exptilde/check_exptilde.c
+check_exptilde.i: $(srcdir)/regress/exptilde/check_exptilde.c \
+ $(devdir)/def_data.h $(incdir)/compat/stdbool.h \
+ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
+ $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
+ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
+ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
+ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \
+ $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \
+ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \
+ $(top_builddir)/pathnames.h
+ $(CC) -E -o $@ $(CPPFLAGS) $<
+check_exptilde.plog: check_exptilde.i
+ rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/exptilde/check_exptilde.c --i-file $< --output-file $@
 check_fill.o: $(srcdir)/regress/parser/check_fill.c $(devdir)/gram.h \
 $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
 $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \
diff --git a/plugins/sudoers/exptilde.c b/plugins/sudoers/exptilde.c index c9658e4d7..4a21a3225 100644 --- a/plugins/sudoers/exptilde.c +++ b/plugins/sudoers/exptilde.c @@ -74,7 +74,7 @@ expand_tilde(char **path, const char *user) *slash = '\0'; opath = slash + 1; } else { - opath = NULL; + opath = ""; } } pw = sudo_getpwnam(user); @@ -86,8 +86,7 @@ expand_tilde(char **path, const char *user) debug_return_bool(false); } - len = asprintf(&npath, "%s%s%s", pw->pw_dir, opath ? "/" : "", - opath ? opath : ""); + len = asprintf(&npath, "%s%s%s", pw->pw_dir, slash ? "/" : "", opath); sudo_pw_delref(pw); if (len == -1) { sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); diff --git a/plugins/sudoers/regress/exptilde/check_exptilde.c b/plugins/sudoers/regress/exptilde/check_exptilde.c new file mode 100644 index 000000000..02d4bf087 --- /dev/null +++ b/plugins/sudoers/regress/exptilde/check_exptilde.c 
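Review bot: In the second exptilde.c hunk the separator is now chosen with `slash ? "/" : ""`, but the only assignment of `slash` visible here is in the `~user/...` branch of the first hunk. If the `~/path` form reaches this asprintf() with `slash` still unset (that branch lies outside the hunks, so this needs confirming), the home directory and the remainder are joined with no `/` between them, and the result names a different directory than the one the caller asked for. Testing the remainder itself does not depend on which branch ran: `len = asprintf(&npath, "%s%s%s", pw->pw_dir, *opath ? "/" : "", opath);`. That form still leaves bare `~` and `~user` without a trailing slash. expand_tilde() begins before the first hunk and ends after the second.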
@@ -0,0 +1,101 @@
+/*
+ * SPDX-License-Identifier: ISC
+ *
+ * Copyright (c) 2020 Todd C. Miller
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+#define SUDO_ERROR_WRAP 0
+
+#include "sudoers.h"
+
+#include
+
+struct sudo_user sudo_user;
+
+struct test_data {
+ char *input;
+ char *output;
+ char *user;
+ bool result;
+} test_data[] = {
+ { "foo/bar", NULL, NULL, false },
+ { "~root", "/", NULL, true },
+ { "~", "/home/millert", "millert", true },
+ { "~millert", "/home/millert", "millert", true },
+ { NULL }
+};
+
+sudo_dso_public int main(int argc, char *argv[]);
+
+int
+main(int argc, char *argv[])
+{
+ int ntests = 0, errors = 0;
+ struct test_data *td;
+ struct passwd *pw;
+ char *path = NULL;
+ bool result;
+
+ initprogname(argc > 0 ? argv[0] : "check_exptilde");
+
+ /* Prime the passwd cache */
+ pw = sudo_mkpwent("root", 0, 0, "/", "/bin/sh");
+ if (pw == NULL)
+ sudo_fatalx("unable to create passwd entry for root");
+ sudo_pw_delref(pw);
+
+ pw = sudo_mkpwent("millert", 8036, 20, "/home/millert", "/bin/tcsh");
+ if (pw == NULL)
+ sudo_fatalx("unable to create passwd entry for millert");
+ sudo_pw_delref(pw);
+
+ for (td = test_data; td->input != NULL; td++) {
+ ntests++;
+ free(path);
+ if ((path = strdup(td->input)) == NULL)
+ sudo_fatal(NULL);
+ result = expand_tilde(&path, td->user);
+ if (result != td->result) {
+ errors++;
+ if (result) {
+ sudo_warnx("unexpected success: input %s, output %s",
+ td->input, path);
+ } else {
+ sudo_warnx("unexpected failure: input %s", td->input);
+ }
+ continue;
+ }
+ if (td->result && strcmp(path, td->output) != 0) {
+ errors++;
+ sudo_warnx("incorrect output for input %s: expected %s, got %s",
+ td->input, td->output, path);
+ continue;
+ }
+ }
+
+ printf("%s: %d tests run, %d errors, %d%% success rate\n", getprogname(),
+ ntests, errors, (ntests - errors) * 100 / ntests);
+
+ exit(errors);
+}
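Review bot: The `test_data` table has no input with a path component after the tilde form, so the asprintf() join that this commit changes in expand_tilde() is only exercised with an empty remainder. Adding `{ "~/foo", "/home/millert/foo", "millert", true },` and `{ "~millert/foo", "/home/millert/foo", "millert", true },` before the `{ NULL }` terminator would cover both ways the separator can be needed. A trailing-slash input such as `~millert/` is also worth pinning, since its expected output depends on how the separator condition is written.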