From 54784a234ca63e91698e3bc4aac6d7177c663e92 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@sudo.ws>
Date: Thu, 18 Oct 2018 14:19:09 -0600
Subject: [PATCH] If sudo_ldap_get_values_len() fails goto cleanup instead of
 oom. This is not strictly necessary as there's not anything to cleanup in
 this case but it is more consistent with the code that follows.

---
 plugins/sudoers/ldap.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/plugins/sudoers/ldap.c b/plugins/sudoers/ldap.c
index 60931a592..e1f858268 100644
--- a/plugins/sudoers/ldap.c
+++ b/plugins/sudoers/ldap.c
@@ -1151,13 +1151,13 @@ ldap_to_sudoers(LDAP *ld, struct ldap_result *lres,
 	struct berval **runasusers = NULL, **runasgroups = NULL;
 	struct berval **opts = NULL, **notbefore = NULL, **notafter = NULL;
 	struct privilege *priv = NULL;
-	char *cn;
+	char *cn = NULL;
 
 	/* Ignore sudoRole without sudoCommand. */
 	cmnds = sudo_ldap_get_values_len(ld, entry, "sudoCommand", &rc);
 	if (cmnds == NULL) {
 	    if (rc == LDAP_NO_MEMORY)
-		goto oom;
+		goto cleanup;
 	    continue;
 	}
 
-- 
2.40.0