verify wraprec belongs to process before using it

newrelic · Jan 31, 2025 · d9dca49 · d9dca49
1 parent 0ac2a0b
commit d9dca49
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 4 deletions.
diff --git a/agent/php_execute.c b/agent/php_execute.c
@@ -95,7 +95,11 @@
 
 static inline nruserfn_t* nr_php_get_wraprec_from_op_array_extension(const char* fn, zend_function* zf) {
   nruserfn_t* wraprec = (nruserfn_t*)ZEND_OP_ARRAY_EXTENSION(&zf->op_array, NR_PHP_PROCESS_GLOBALS(op_array_extension_handle));
-  nrl_verbosedebug(NRL_AGENT, "%s from %s, op_array_extension=%p, wraprec=%p, wraprec->pid=%d", __func__, fn, ZEND_OP_ARRAY_EXTENSION(&zf->op_array, NR_PHP_PROCESS_GLOBALS(op_array_extension_handle)), wraprec, wraprec->pid);
+  nrl_verbosedebug(NRL_AGENT, "%s from %s, op_array_extension=%p, wraprec=%p, wraprec->pid=%d", __func__, fn, ZEND_OP_ARRAY_EXTENSION(&zf->op_array, NR_PHP_PROCESS_GLOBALS(op_array_extension_handle)), wraprec, wraprec? wraprec->pid : 0);
+  if (NULL != wraprec && NRPRG(pid) != wraprec->pid) {
+    nrl_debug(NRL_AGENT, "wraprec pid mismatch: %d != %d", wraprec->pid, NRPRG(pid));
+    return NULL;
+  }
   return wraprec;
 }
 

diff --git a/agent/php_newrelic.h b/agent/php_newrelic.h
@@ -602,13 +602,13 @@ nrinibool_t
 nrinibool_t
     message_tracer_segment_parameters_enabled; /* newrelic.segment_tracer.segment_parameters.enabled */
 
+uint64_t pid;
 #if ZEND_MODULE_API_NO < ZEND_7_4_X_API_NO
 /*
  * pid and user_function_wrappers are used to store user function wrappers.
  * Storing this on a request level (as opposed to storing it on transaction
  * level) is more robust when using multiple transactions in one request.
  */
-uint64_t pid;
 nr_vector_t* user_function_wrappers;
 #endif
 

diff --git a/agent/php_rinit.c b/agent/php_rinit.c
@@ -18,6 +18,7 @@
 #include "nr_slowsqls.h"
 #include "util_logging.h"
 #include "util_strings.h"
+#include "util_syscalls.h"
 
 static void nr_php_datastore_instance_destroy(
     nr_datastore_instance_t* instance) {
@@ -60,9 +61,9 @@ PHP_RINIT_FUNCTION(newrelic) {
   NRPRG(drupal_http_request_depth) = 0;
 #endif
 #else
-  NRPRG(pid) = getpid();
   NRPRG(user_function_wrappers) = nr_vector_create(64, NULL, NULL);
 #endif
+  NRPRG(pid) = nr_getpid();
 
   if ((0 == NR_PHP_PROCESS_GLOBALS(enabled)) || (0 == NRINI(enabled))) {
     return SUCCESS;

diff --git a/agent/php_user_instrument.c b/agent/php_user_instrument.c
@@ -296,7 +296,7 @@ static void nr_php_wrap_user_function_internal(nruserfn_t* wraprec TSRMLS_DC) {
 
 static nruserfn_t* nr_php_user_wraprec_create(void) {
   nruserfn_t* wr = (nruserfn_t*)nr_zalloc(sizeof(nruserfn_t));
-  wr->pid = nr_getpid();
+  wr->pid = NRPRG(pid);
   return wr;
 }