diff -up sudo-1.8.14b3/plugins/sudoers/ldap.c.ldapconfpatch sudo-1.8.14b3/plugins/sudoers/ldap.c

--- sudo-1.8.14b3/plugins/sudoers/ldap.c.ldapconfpatch	2015-07-07 18:51:11.000000000 +0200

+++ sudo-1.8.14b3/plugins/sudoers/ldap.c	2015-07-09 11:03:25.686645581 +0200

@@ -1922,6 +1922,33 @@ sudo_check_krb5_ccname(const char *ccnam

 }

 #endif /* HAVE_LDAP_SASL_INTERACTIVE_BIND_S */

+/*

+ * Read a line of input, remove whole line comments and strip off leading

+ * and trailing spaces.  Returns static storage that is reused.

+ */

+static char *

+sudo_ldap_parseln(fp)

+    FILE *fp;

+{

+    size_t len;

+    char *cp = NULL;

+    static char buf[LINE_MAX];

+

+    if (fgets(buf, sizeof(buf), fp) != NULL) {

+	/* Remove comments */

+	if (*buf == '#')

+	    *buf = '\0';

+

+	/* Trim leading and trailing whitespace/newline */

+	len = strlen(buf);

+	while (len > 0 && isspace((unsigned char)buf[len - 1]))

+	    buf[--len] = '\0';

+	for (cp = buf; isblank(*cp); cp++)

+	    continue;

+    }

+    return(cp);

+}

+

 static bool

 sudo_ldap_read_config(void)

 {

@@ -1955,7 +1982,7 @@ sudo_ldap_read_config(void)

     if ((fp = fopen(path_ldap_conf, "r")) == NULL)

 	debug_return_bool(false);

-    while (sudo_parseln(&line, &linesize, NULL, fp) != -1) {

+    while ((line = sudo_ldap_parseln(fp)) != NULL) {

 	if (*line == '\0')

 	    continue;		/* skip empty line */

@@ -1975,7 +2002,7 @@ sudo_ldap_read_config(void)

 	if (!sudo_ldap_parse_keyword(keyword, value, ldap_conf_global))

 	    sudo_ldap_parse_keyword(keyword, value, ldap_conf_conn);

     }

-    free(line);

+

     fclose(fp);

     if (!ldap_conf.host) {