sudo/sudo-1.8.8-clangbugs.patch

diff -up sudo-1.8.8/plugins/sudoers/auth/pam.c.clangbugs sudo-1.8.8/plugins/sudoers/auth/pam.c
--- sudo-1.8.8/plugins/sudoers/auth/pam.c.clangbugs	2013-09-30 23:41:07.899529555 +0200
+++ sudo-1.8.8/plugins/sudoers/auth/pam.c	2013-09-30 23:41:58.988707761 +0200
@@ -246,6 +246,7 @@ sudo_pam_begin_session(struct passwd *pw
 	    (void) pam_end(pamh, *pam_status | PAM_DATA_SILENT);
 	    pamh = NULL;
 	    status = AUTH_FAILURE;
+	    goto done;
 	}
     }
 
diff -up sudo-1.8.8/plugins/sudoers/sssd.c.clangbugs sudo-1.8.8/plugins/sudoers/sssd.c
--- sudo-1.8.8/plugins/sudoers/sssd.c.clangbugs	2013-09-30 23:44:20.404200629 +0200
+++ sudo-1.8.8/plugins/sudoers/sssd.c	2013-09-30 23:49:05.998194738 +0200
@@ -310,11 +310,10 @@ static int sudo_sss_close(struct sudo_ns
     debug_decl(sudo_sss_close, SUDO_DEBUG_SSSD);
 
     if (nss && nss->handle) {
-	handle = nss->handle;
-	dlclose(handle->ssslib);
+	    handle = nss->handle;
+	    dlclose(handle->ssslib);
+	    efree(nss->handle);
     }
-
-    efree(nss->handle);
     debug_return_int(0);
 }
 
@@ -705,17 +704,21 @@ sudo_sss_result_get(struct sudo_nss *nss
 	sudo_sss_result_filterp, _SUDO_SSS_FILTER_INCLUDE, NULL);
 
     if (f_sss_result != NULL) {
-	if (f_sss_result->num_rules > 0) {
-	    if (state != NULL) {
-		sudo_debug_printf(SUDO_DEBUG_DEBUG, "state |= HOSTMATCH");
-		*state |= _SUDO_SSS_STATE_HOSTMATCH;
+	    if (f_sss_result->num_rules > 0) {
+		    if (state != NULL) {
+			    sudo_debug_printf(SUDO_DEBUG_DEBUG, "state |= HOSTMATCH");
+			    *state |= _SUDO_SSS_STATE_HOSTMATCH;
+		    }
 	    }
-	}
-    }
 
-    sudo_debug_printf(SUDO_DEBUG_DEBUG,
-	"u_sss_result=(%p, %u) => f_sss_result=(%p, %u)", u_sss_result,
-	u_sss_result->num_rules, f_sss_result, f_sss_result->num_rules);
+	    sudo_debug_printf(SUDO_DEBUG_DEBUG,
+	                      "u_sss_result=(%p, %u) => f_sss_result=(%p, %u)", u_sss_result,
+	                      u_sss_result->num_rules, f_sss_result, f_sss_result->num_rules);
+    } else {
+	    sudo_debug_printf(SUDO_DEBUG_DEBUG,
+	                      "u_sss_result=(%p, %u) => f_sss_result=NULL",
+	                      u_sss_result, u_sss_result->num_rules);
+    }
 
     handle->fn_free_result(u_sss_result);