From a470c4dc3a8bda4cd9911dfd1cb3651daf98c51c Mon Sep 17 00:00:00 2001
From: Ashley Donaldson <smashery@gmail.com>
Date: Wed, 25 Sep 2024 16:18:21 +1000
Subject: [PATCH] Fix edge cases in Python and C meterpreters

---
 .../extensions/stdapi/server/sys/process/process.c   |  5 ++++-
 python/meterpreter/ext_server_stdapi.py              | 12 ++++++++----
 2 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/c/meterpreter/source/extensions/stdapi/server/sys/process/process.c b/c/meterpreter/source/extensions/stdapi/server/sys/process/process.c
index 0a56faba..7475ba3f 100644
--- a/c/meterpreter/source/extensions/stdapi/server/sys/process/process.c
+++ b/c/meterpreter/source/extensions/stdapi/server/sys/process/process.c
@@ -107,11 +107,14 @@ DWORD request_sys_process_close(Remote *remote, Packet *packet)
 
 BOOL needs_quoting(PCHAR str)
 {
-	BOOL bNeedsQuoting = FALSE;
+	// Initial value is to need quoting, in case it's an empty arg
+	BOOL bNeedsQuoting = TRUE;
 	char* pArgIndex = str;
 	// Check whether we'll need to quote the argument
 	while (*pArgIndex != '\0')
 	{
+		// The arg is not empty
+		bNeedsQuoting = FALSE;
 		if (*pArgIndex == '\v' || *pArgIndex == ' ' || *pArgIndex == '\t')
 		{
 			bNeedsQuoting = TRUE;
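Review bot: The added `bNeedsQuoting = FALSE;` at the top of the loop body runs for every character, so a TRUE set by the whitespace branch survives only if that branch leaves the loop immediately. The rest of the loop and the return are outside this hunk, so that cannot be confirmed here. Handling the empty argument before the loop, `if (*str == '\0') return TRUE;`, would let the initialiser stay FALSE and remove the dependency on loop order. The function also dereferences `str` unconditionally, so a `// str must be non-NULL` comment or a NULL guard would be worth adding. A wrong FALSE here presumably means an argument reaches the command line unquoted and is split at its whitespace.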
diff --git a/python/meterpreter/ext_server_stdapi.py b/python/meterpreter/ext_server_stdapi.py
index a10ab64e..158baca1 100644
--- a/python/meterpreter/ext_server_stdapi.py
+++ b/python/meterpreter/ext_server_stdapi.py
@@ -1435,11 +1435,15 @@ def stdapi_sys_process_execute(request, response):
             arg_string = ""
         cmd_string = cmd + ' ' + arg_string
 
-        # In case we're not using a subshell:
-        cmd_array = [cmd]
-        cmd_array.extend(shlex.split(arg_string))
+        if arg_string == '':
+            # Everything was just provided in a single argument. Need to split it out.
+            cmd_array = shlex.split(cmd)
+        else:
+            # In case we're not using a subshell:
+            cmd_array = [cmd]
+            cmd_array.extend(shlex.split(arg_string))
 
-        if os.path.isfile('/bin/sh') and (flags & PROCESS_EXECUTE_FLAG_SUBSHELL):
+        if (flags & PROCESS_EXECUTE_FLAG_SUBSHELL) and os.path.isfile('/bin/sh'):
             cmd_array = ['/bin/sh', '-c', cmd_string]
 
     if (flags & PROCESS_EXECUTE_FLAG_CHANNELIZED):
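Review bot: In the new `arg_string == ''` branch, `shlex.split(cmd)` changes how a lone executable path is treated. A path containing spaces, which the old `[cmd]` kept as one element, is now split into several, and a `cmd` that is empty or only whitespace yields an empty `cmd_array`. `shlex.split` also raises `ValueError` on an unbalanced quote, which nothing visible in the hunk catches; the existing `shlex.split(arg_string)` has the same gap. I would wrap the split in `try: ... except ValueError:` and add an `if not cmd_array:` check before the process is spawned, returning the handler's failure result in both cases, plus a comment saying a single-string `cmd` is parsed with POSIX shell quoting rules so callers know to quote paths with spaces. The body of stdapi_sys_process_execute starts and ends outside this hunk.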