health-check lacks iterator validation vulnerability (#4327)

ydb-platform · May 8, 2024 · 6b076d2 · 6b076d2
1 parent 1c9ad9d
commit 6b076d2
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/ydb/core/health_check/health_check.cpp b/ydb/core/health_check/health_check.cpp
@@ -1487,12 +1487,16 @@ class TSelfCheckRequest : public TActorBootstrapped<TSelfCheckRequest> {
     void FillVDiskStatus(const TString& vSlotId, Ydb::Monitoring::StorageVDiskStatus& storageVDiskStatus, TSelfCheckContext context) {
         auto itVSlot = BSConfigVSlots.find(vSlotId);
         const TEvInterconnect::TNodeInfo* nodeInfo = nullptr;
+
+        context.Location.mutable_storage()->mutable_pool()->mutable_group()->mutable_vdisk()->mutable_id()->Clear();
+        context.Location.mutable_storage()->mutable_pool()->mutable_group()->clear_id(); // you can see VDisks Group Id in vSlotId field
         if (itVSlot != BSConfigVSlots.end()) {
             TNodeId nodeId = itVSlot->second->vslotid().nodeid();
             auto itNodeInfo = MergedNodeInfo.find(nodeId);
             if (itNodeInfo != MergedNodeInfo.end()) {
                 nodeInfo = itNodeInfo->second;
             }
+            context.Location.mutable_storage()->mutable_pool()->mutable_group()->mutable_vdisk()->add_id(GetVDiskId(*itVSlot->second));
             context.Location.mutable_storage()->mutable_node()->set_id(nodeId);
         } else {
             context.Location.mutable_storage()->mutable_node()->clear_id();
@@ -1505,10 +1509,6 @@ class TSelfCheckRequest : public TActorBootstrapped<TSelfCheckRequest> {
             context.Location.mutable_storage()->mutable_node()->clear_port();
         }
 
-        context.Location.mutable_storage()->mutable_pool()->mutable_group()->mutable_vdisk()->mutable_id()->Clear();
-        context.Location.mutable_storage()->mutable_pool()->mutable_group()->mutable_vdisk()->add_id(GetVDiskId(*itVSlot->second));
-        context.Location.mutable_storage()->mutable_pool()->mutable_group()->clear_id(); // you can see VDisks Group Id in vSlotId field
-
         storageVDiskStatus.set_id(vSlotId);
 
         if (itVSlot == BSConfigVSlots.end()) { // this report, in theory, can't happen because there was slot mention in bsc group info. this slot info have to exists in bsc too