diff --git a/src/util/become_user.c b/src/util/become_user.c
index c0f27a9f85..28464d37b3 100644
--- a/src/util/become_user.c
+++ b/src/util/become_user.c
@@ -106,37 +106,30 @@ errno_t switch_creds(TALLOC_CTX *mem_ctx,
         return EOK;
     }
 
-    if (saved_creds) {
-        /* save current user credentials */
+    if (saved_creds) { /* save current user credentials */
         size = getgroups(0, NULL);
         if (size == -1) {
             ret = errno;
-            DEBUG(SSSDBG_CRIT_FAILURE, "Getgroups failed! (%d, %s)\n",
+            DEBUG(SSSDBG_CRIT_FAILURE, "getgroups() failed! (%d, %s)\n",
                                         ret, strerror(ret));
-            goto done;
+            return ret;
         }
 
         ssc = talloc_size(mem_ctx,
                           (sizeof(struct sss_creds) + size * sizeof(gid_t)));
         if (!ssc) {
             DEBUG(SSSDBG_CRIT_FAILURE, "Allocation failed!\n");
-            ret = ENOMEM;
-            goto done;
+            return ENOMEM;
         }
-        ssc->num_gids = size;
 
+        ssc->num_gids = size;
         size = getgroups(ssc->num_gids, ssc->gids);
-        if (size == -1) {
-            ret = errno;
-            DEBUG(SSSDBG_CRIT_FAILURE, "Getgroups failed! (%d, %s)\n",
-                                        ret, strerror(ret));
-            /* free ssc immediately otherwise the code will try to restore
-             * wrong creds */
-            talloc_zfree(ssc);
-            goto done;
+        if (size != ssc->num_gids) {
+            DEBUG(SSSDBG_CRIT_FAILURE, "2nd getgroups() returned different list!");
+            talloc_free(ssc);
+            return EINVAL;
         }
 
-        /* we care only about effective ids */
         ssc->uid = myuid;
         ssc->gid = mygid;
     }