Fix edge cases in Python and C meterpreters

rapid7 · Sep 25, 2024 · a470c4d · a470c4d
1 parent 5422a15
commit a470c4d
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 5 deletions.
diff --git a/c/meterpreter/source/extensions/stdapi/server/sys/process/process.c b/c/meterpreter/source/extensions/stdapi/server/sys/process/process.c
@@ -107,11 +107,14 @@ DWORD request_sys_process_close(Remote *remote, Packet *packet)
 
 BOOL needs_quoting(PCHAR str)
 {
-	BOOL bNeedsQuoting = FALSE;
+	// Initial value is to need quoting, in case it's an empty arg
+	BOOL bNeedsQuoting = TRUE;
 	char* pArgIndex = str;
 	// Check whether we'll need to quote the argument
 	while (*pArgIndex != '\0')
 	{
+		// The arg is not empty
+		bNeedsQuoting = FALSE;
 		if (*pArgIndex == '\v' || *pArgIndex == ' ' || *pArgIndex == '\t')
 		{
 			bNeedsQuoting = TRUE;

diff --git a/python/meterpreter/ext_server_stdapi.py b/python/meterpreter/ext_server_stdapi.py
@@ -1435,11 +1435,15 @@ def stdapi_sys_process_execute(request, response):
             arg_string = ""
         cmd_string = cmd + ' ' + arg_string
 
-        # In case we're not using a subshell:
-        cmd_array = [cmd]
-        cmd_array.extend(shlex.split(arg_string))
+        if arg_string == '':
+            # Everything was just provided in a single argument. Need to split it out.
+            cmd_array = shlex.split(cmd)
+        else:
+            # In case we're not using a subshell:
+            cmd_array = [cmd]
+            cmd_array.extend(shlex.split(arg_string))
 
-        if os.path.isfile('/bin/sh') and (flags & PROCESS_EXECUTE_FLAG_SUBSHELL):
+        if (flags & PROCESS_EXECUTE_FLAG_SUBSHELL) and os.path.isfile('/bin/sh'):
             cmd_array = ['/bin/sh', '-c', cmd_string]
 
     if (flags & PROCESS_EXECUTE_FLAG_CHANNELIZED):