From c80b9c945756c91cc5f32b9645ee9ae21af1515c Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@courtesan.com>
Date: Thu, 7 May 2015 10:56:12 -0600
Subject: [PATCH] In usergr_matches() matched should be bool but we have to
 take care to handle group_plugin_query() returning a value other than 0/1.

---
 plugins/sudoers/match.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/plugins/sudoers/match.c b/plugins/sudoers/match.c
index c0abdf055..441bfdaf9 100644
--- a/plugins/sudoers/match.c
+++ b/plugins/sudoers/match.c
@@ -862,7 +862,7 @@ done:
 bool
 usergr_matches(const char *group, const char *user, const struct passwd *pw)
 {
-    int matched = false;
+    bool matched = false;
     struct passwd *pw0 = NULL;
     debug_decl(usergr_matches, SUDOERS_DEBUG_MATCH)
 
@@ -874,7 +874,8 @@ usergr_matches(const char *group, const char *user, const struct passwd *pw)
     }
 
     if (*group == ':' && def_group_plugin) {
-	matched = group_plugin_query(user, group + 1, pw);
+	if (group_plugin_query(user, group + 1, pw) == true)
+	    matched = true;
 	goto done;
     }
 
@@ -894,7 +895,7 @@ usergr_matches(const char *group, const char *user, const struct passwd *pw)
     }
 
     /* not a Unix group, could be an external group */
-    if (def_group_plugin && group_plugin_query(user, group, pw)) {
+    if (def_group_plugin && group_plugin_query(user, group, pw) == true) {
 	matched = true;
 	goto done;
     }