From: Tulio A M Mendes <tadryanom@hotmail.com>
Date: Mon, 25 May 2026 19:21:33 +0000 (-0300)
Subject: security: Round 6.3 shell command substitution fix (A18)
X-Git-Url: https://projects.tadryanom.me/?a=commitdiff_plain;h=0c76ae71f7619c1611b44a2132102402446a320c;p=AdrOS.git

security: Round 6.3 shell command substitution fix (A18)

A18: Fix shell command substitution  syntax
- expand_vars was adding '(' at the start but missing ')' at the end
- Added closing parenthesis to properly wrap subshell command
- Changed cmd[1 + cmdlen] = '\0' to cmd[1 + cmdlen] = ')' and cmd[2 + cmdlen] = '\0'

Tests: 119/119 PASS (smoke test, SMP=4)
---

diff --git a/user/cmds/sh/sh.c b/user/cmds/sh/sh.c
index 3c606322..c00d7a4c 100644
--- a/user/cmds/sh/sh.c
+++ b/user/cmds/sh/sh.c
@@ -472,7 +472,8 @@ static void expand_vars(const char* src, char* dst, int maxlen) {
                 char cmd[258];
                 cmd[0] = '(';  /* wrap in subshell */
                 memcpy(cmd + 1, start, (size_t)cmdlen);
-                cmd[1 + cmdlen] = '\0';
+                cmd[1 + cmdlen] = ')';  /* A18: add closing parenthesis */
+                cmd[2 + cmdlen] = '\0';
                 int pfd[2];
                 if (pipe(pfd) == 0) {
                     int pid = fork();