diff --git a/plugins/sudoers/match_command.c b/plugins/sudoers/match_command.c
index 37d376d..bda7082 100644
--- a/plugins/sudoers/match_command.c
+++ b/plugins/sudoers/match_command.c
@@ -818,12 +818,16 @@ command_matches(const char *sudoers_cmnd, const char *sudoers_args,
 	/* Rule-specific runchroot, reset user_cmnd and user_stat. */
 	int status;
 
+	/* Save old user_cmnd first, set_cmnd_path() will free it. */
 	saved_user_cmnd = user_cmnd;
+	user_cmnd = NULL;
 	if (user_stat != NULL)
 	    saved_user_stat = *user_stat;
 	status = set_cmnd_path(runchroot);
-	if (status != FOUND)
+	if (status != FOUND) {
+	    user_cmnd = saved_user_cmnd;
 	    saved_user_cmnd = NULL;
+	}
 	if (info != NULL)
 	    info->status = status;
     }
diff --git a/plugins/sudoers/visudo.c b/plugins/sudoers/visudo.c
index 3f43382..ec8deab 100644
--- a/plugins/sudoers/visudo.c
+++ b/plugins/sudoers/visudo.c
@@ -260,7 +260,9 @@ main(int argc, char *argv[])
     }
 
     /* Mock up a fake sudo_user struct. */
-    user_cmnd = user_base = (char *)"";
+    user_cmnd = user_base = strdup("true");
+    if (user_cmnd == NULL)
+	sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
     if (geteuid() == 0) {
 	const char *user = getenv("SUDO_USER");
 	if (user != NULL && *user != '\0')