diff --git a/parse.lex b/parse.lex
index 5c91b0d9e..502597383 100644
--- a/parse.lex
+++ b/parse.lex
@@ -523,6 +523,7 @@ buffer_frob(path)
 {
     static size_t stacksize, depth;
     static struct sudoers_state *state;
+    static int keepopen;
     FILE *fp;
 
     if (path != NULL) {
@@ -542,7 +543,7 @@ buffer_frob(path)
 		return(FALSE);
 	    }
 	}
-	if ((fp = open_sudoers(path)) == NULL) {
+	if ((fp = open_sudoers(path, &keepopen)) == NULL) {
 	    yyerror(path);
 	    return(FALSE);
 	}
@@ -558,12 +559,14 @@ buffer_frob(path)
 	if (depth == 0)
 	    return(FALSE);
 	depth--;
-	fclose(YY_CURRENT_BUFFER->yy_input_file);
+	if (!keepopen)
+	    fclose(YY_CURRENT_BUFFER->yy_input_file);
 	yy_delete_buffer(YY_CURRENT_BUFFER);
 	yy_switch_to_buffer(state[depth].bs);
 	free(sudoers);
 	sudoers = state[depth].path;
 	sudolineno = state[depth].lineno;
+	keepopen = FALSE;
     }
     return(TRUE);
 }
diff --git a/sudo.c b/sudo.c
index 81a62f270..e43144238 100644
--- a/sudo.c
+++ b/sudo.c
@@ -259,7 +259,7 @@ main(argc, argv, envp)
     else if (ISSET(validated, VALIDATE_OK) && !printmatches); /* skips */
     else if (ISSET(validated, VALIDATE_OK) && printmatches)
     {
-	sudoers_fp = open_sudoers(_PATH_SUDOERS);
+	sudoers_fp = open_sudoers(_PATH_SUDOERS, NULL);
 
 	/* User is found in LDAP and we want a list of all sudo commands the
 	 * user can do, so consult sudoers but throw away result.
@@ -269,7 +269,7 @@ main(argc, argv, envp)
     else
 #endif
     {
-	sudoers_fp = open_sudoers(_PATH_SUDOERS);
+	sudoers_fp = open_sudoers(_PATH_SUDOERS, NULL);
 
 	/* Validate the user but don't search for pseudo-commands. */
 	validated = sudoers_lookup(pwflag);
@@ -852,8 +852,9 @@ parse_args(argc, argv)
  * Returns a handle to the sudoers file.
  */
 FILE *
-open_sudoers(sudoers)
+open_sudoers(sudoers, keepopen)
     const char *sudoers;
+    int *keepopen;
 {
     struct stat statbuf;
     FILE *fp = NULL;
diff --git a/sudo.h b/sudo.h
index 68a4311c0..8fe84dc08 100644
--- a/sudo.h
+++ b/sudo.h
@@ -238,7 +238,7 @@ char *sudo_getepw	__P((const struct passwd *));
 int pam_prep_user	__P((struct passwd *));
 void zero_bytes		__P((volatile VOID *, size_t));
 int gettime		__P((struct timespec *));
-FILE *open_sudoers	__P((const char *));
+FILE *open_sudoers	__P((const char *, int *));
 YY_DECL;
 #ifdef HAVE_SYSTRACE
 void systrace_attach	__P((pid_t));
diff --git a/testsudoers.c b/testsudoers.c
index ca137823e..0f779edbb 100644
--- a/testsudoers.c
+++ b/testsudoers.c
@@ -336,8 +336,9 @@ set_runaspw(user)
 }
 
 FILE *
-open_sudoers(path)
+open_sudoers(path, keepopen)
     const char *path;
+    int *keepopen;
 {
     return(fopen(path, "r"));
 }
diff --git a/visudo.c b/visudo.c
index f4c2c9844..790d02e42 100644
--- a/visudo.c
+++ b/visudo.c
@@ -722,8 +722,9 @@ check_syntax(sudoers_path)
 }
 
 FILE *
-open_sudoers(path)
+open_sudoers(path, keepopen)
     const char *path;
+    int *keepopen;
 {
     FILE *fp;
     struct sudoersfile *newfile;