From 26d0aa3e8d7d80ce141360921f15e417a2004090 Mon Sep 17 00:00:00 2001
From: Ashley Donaldson <smashery@gmail.com>
Date: Tue, 15 Oct 2024 22:11:02 +1100
Subject: [PATCH] Changes from code review

---
 .../meterpreter/stdapi/stdapi_sys_process_execute.java    | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/java/meterpreter/stdapi/src/main/java/com/metasploit/meterpreter/stdapi/stdapi_sys_process_execute.java b/java/meterpreter/stdapi/src/main/java/com/metasploit/meterpreter/stdapi/stdapi_sys_process_execute.java
index 9c0ff6d91..4bec2f964 100644
--- a/java/meterpreter/stdapi/src/main/java/com/metasploit/meterpreter/stdapi/stdapi_sys_process_execute.java
+++ b/java/meterpreter/stdapi/src/main/java/com/metasploit/meterpreter/stdapi/stdapi_sys_process_execute.java
@@ -68,8 +68,12 @@ public int execute(Meterpreter meterpreter, TLVPacket request, TLVPacket respons
     // On Windows, Java quote-escapes _some_ arguments (like those with spaces), but doesn't deal correctly with some
     // edge cases; e.g. empty strings, strings that already have quotes.
     protected String escapeArg(String arg) {
-        if (System.getProperty("os.name").toLowerCase().contains("windows")) {
-            if (arg == "") {
+        if (arg == null) {
+            return null;
+        }
+        String osName = System.getProperty("os.name");
+        if (osName != null && osName.toLowerCase().contains("windows")) {
+            if (arg.equals("")) {
                 return "\"\"";
             } else {
                 StringBuilder sb = new StringBuilder();