src/hg/lib/wikiLink.c c6e8c8af66b4ea7a9df7e8cc9fc7cacb99b234a4

c6e8c8af66b4ea7a9df7e8cc9fc7cacb99b234a4
angie
  Thu Jun 9 11:35:42 2016 -0700
Revert "Limit the length of gbMembers.keyList to avoid buffer overflow (and wasted space).  refs #17327 notes 98, 100, 101."

This reverts commit d968686107101a1824d34a007a19c8d18b368b78.

diff --git src/hg/lib/wikiLink.c src/hg/lib/wikiLink.c
index 572e87f..fc7b2b6 100644
--- src/hg/lib/wikiLink.c
+++ src/hg/lib/wikiLink.c
@@ -156,69 +156,59 @@
     if (sameString(row[0], userName))
         {
         struct slName *validKeyList = slNameListFromString(row[1], ',');
         isValid = slNameInListUseCase(validKeyList, key);
         }
     }
 sqlFreeResult(&sr);
 return isValid;
 }
 
 static void deleteKey(struct sqlConnection *conn, uint idx, char *key)
 /* Remove key from idx row's comma-separated keyList. */
 {
 char query[2048];
 sqlSafef(query, sizeof(query), "select keyList from gbMembers where idx = %u", idx);
-char buf[2048];
+char buf[1024];
 char *keyListStr = sqlQuickQuery(conn, query, buf, sizeof(buf));
 if (isNotEmpty(keyListStr))
     {
     struct slName *keyList = slNameListFromString(keyListStr, ',');
     struct slName *keyToDelete = slNameFind(keyList, key);
     if (keyToDelete)
         {
         slRemoveEl(&keyList, keyToDelete);
         char *newListStr = slNameListToString(keyList, ',');
         sqlSafef(query, sizeof(query), "update gbMembers set keyList='%s' where idx = %u",
                  newListStr, idx);
         sqlUpdate(conn, query);
         }
     }
 }
 
 static void insertKey(struct sqlConnection *conn, uint idx, char *key)
 /* Add a new entry to gbMembers.keyList for idx. */
 {
 char query[2048];
 sqlSafef(query, sizeof(query), "select keyList from gbMembers where idx = %u", idx);
-char buf[2048];
+char buf[1024];
 char *keyListStr = sqlQuickQuery(conn, query, buf, sizeof(buf));
-if (isEmpty(keyListStr))
-    sqlSafef(query, sizeof(query), "update gbMembers set keyList='%s' where idx = %u", key, idx);
-else
-    {
-    // Orphaned keys can pile up when we test this feature by editing or deleting cookies,
-    // or when cookies aren't working properly.
-    // If there are many more keys in keyListStr than we would expect a user to have
-    // (e.g. 5 devices * 3 browsers = 15 keys, 28 chars per key = 420 chars, so say 1000 chars)
-    // then delete the oldest key(s) to avoid buffer overflow.
-    char *p;
-    while (strlen(keyListStr) > 1000 && (p = strrchr(keyListStr, ',')) != NULL)
-        *p = '\0';
+if (isNotEmpty(keyListStr))
     sqlSafef(query, sizeof(query), "update gbMembers set keyList='%s,%s' where idx = %u",
              key, keyListStr, idx);
-    }
+else
+    sqlSafef(query, sizeof(query), "update gbMembers set keyList='%s' where idx = %u", key, idx);
 sqlUpdate(conn, query);
 }
 
 char *getCookieDomainString()
 /* Get a string that will look something like " domain=.ucsc.edu;" if central.domain
  * is defined, otherwise just "".  Don't free result. */
 {
 static char domainString[256];
 char *domain = cloneString(cfgOption(CFG_CENTRAL_DOMAIN));
 if (domain != NULL && strchr(domain, '.') != NULL)
     safef(domainString, sizeof(domainString), " domain=%s;", domain);
 else
     domainString[0] = '\0';
 return domainString;
 }