twitter_parse_id function, with better error handling than sscanf()

Fixes issues such as parsing "reply eo" as replying to "0e",
as reported by torrancew

1 files changed, 16 insertions, 3 deletions

diff --git a/protocols/twitter/twitter.c b/protocols/twitter/twitter.c
index f3dcde31..891d07a6 100644
--- a/protocols/twitter/twitter.c
+++ b/protocols/twitter/twitter.c
@@ -851,6 +851,20 @@ static void twitter_buddy_data_free(struct bee_user *bu)
 	g_free(bu->data);
 }
 
+/* Parses a decimal or hex tweet ID, handling errors by returning 0 */
+static guint64 twitter_parse_id(char *string, int base)
+{
+	guint64 parsed;
+	char *endptr;
+
+	errno = 0;
+	parsed = g_ascii_strtoull(string, &endptr, base);
+	if (errno || endptr == string || *endptr == '\0') {
+		return 0;
+	}
+	return parsed;
+}
+
 /** Convert the given bitlbee tweet ID, bitlbee username, or twitter tweet ID
  *  into a twitter tweet ID.
  *
@@ -878,15 +892,14 @@ static guint64 twitter_message_id_from_command_arg(struct im_connection *ic, cha
 		if (arg[0] == '#') {
 			arg++;
 		}
-		if (sscanf(arg, "%" G_GINT64_MODIFIER "x", &id) == 1 &&
-		    id < TWITTER_LOG_LENGTH) {
+		if ((id = twitter_parse_id(arg, 16)) && id < TWITTER_LOG_LENGTH) {
 			bu = td->log[id].bu;
 			id = td->log[id].id;
 			/* Beware of dangling pointers! */
 			if (!g_slist_find(ic->bee->users, bu)) {
 				bu = NULL;
 			}
-		} else if (sscanf(arg, "%" G_GINT64_MODIFIER "d", &id) == 1) {
+		} else if ((id = twitter_parse_id(arg, 10))) {
 			/* Allow normal tweet IDs as well; not a very useful
 			   feature but it's always been there. Just ignore
 			   very low IDs to avoid accidents. */