c6e8c8af66b4ea7a9df7e8cc9fc7cacb99b234a4 angie Thu Jun 9 11:35:42 2016 -0700 Revert "Limit the length of gbMembers.keyList to avoid buffer overflow (and wasted space). refs #17327 notes 98, 100, 101." This reverts commit d968686107101a1824d34a007a19c8d18b368b78. diff --git src/hg/lib/wikiLink.c src/hg/lib/wikiLink.c index 572e87f..fc7b2b6 100644 --- src/hg/lib/wikiLink.c +++ src/hg/lib/wikiLink.c @@ -156,69 +156,59 @@ if (sameString(row[0], userName)) { struct slName *validKeyList = slNameListFromString(row[1], ','); isValid = slNameInListUseCase(validKeyList, key); } } sqlFreeResult(&sr); return isValid; } static void deleteKey(struct sqlConnection *conn, uint idx, char *key) /* Remove key from idx row's comma-separated keyList. */ { char query[2048]; sqlSafef(query, sizeof(query), "select keyList from gbMembers where idx = %u", idx); -char buf[2048]; +char buf[1024]; char *keyListStr = sqlQuickQuery(conn, query, buf, sizeof(buf)); if (isNotEmpty(keyListStr)) { struct slName *keyList = slNameListFromString(keyListStr, ','); struct slName *keyToDelete = slNameFind(keyList, key); if (keyToDelete) { slRemoveEl(&keyList, keyToDelete); char *newListStr = slNameListToString(keyList, ','); sqlSafef(query, sizeof(query), "update gbMembers set keyList='%s' where idx = %u", newListStr, idx); sqlUpdate(conn, query); } } } static void insertKey(struct sqlConnection *conn, uint idx, char *key) /* Add a new entry to gbMembers.keyList for idx. */ { char query[2048]; sqlSafef(query, sizeof(query), "select keyList from gbMembers where idx = %u", idx); -char buf[2048]; +char buf[1024]; char *keyListStr = sqlQuickQuery(conn, query, buf, sizeof(buf)); -if (isEmpty(keyListStr)) - sqlSafef(query, sizeof(query), "update gbMembers set keyList='%s' where idx = %u", key, idx); -else - { - // Orphaned keys can pile up when we test this feature by editing or deleting cookies, - // or when cookies aren't working properly. - // If there are many more keys in keyListStr than we would expect a user to have - // (e.g. 5 devices * 3 browsers = 15 keys, 28 chars per key = 420 chars, so say 1000 chars) - // then delete the oldest key(s) to avoid buffer overflow. - char *p; - while (strlen(keyListStr) > 1000 && (p = strrchr(keyListStr, ',')) != NULL) - *p = '\0'; +if (isNotEmpty(keyListStr)) sqlSafef(query, sizeof(query), "update gbMembers set keyList='%s,%s' where idx = %u", key, keyListStr, idx); - } +else + sqlSafef(query, sizeof(query), "update gbMembers set keyList='%s' where idx = %u", key, idx); sqlUpdate(conn, query); } char *getCookieDomainString() /* Get a string that will look something like " domain=.ucsc.edu;" if central.domain * is defined, otherwise just "". Don't free result. */ { static char domainString[256]; char *domain = cloneString(cfgOption(CFG_CENTRAL_DOMAIN)); if (domain != NULL && strchr(domain, '.') != NULL) safef(domainString, sizeof(domainString), " domain=%s;", domain); else domainString[0] = '\0'; return domainString; }