From 8d7f7516f38d5369d3ef0c4ebf9fd0811d4717f5 Mon Sep 17 00:00:00 2001
From: Stefan 'psYchotic' Zwanenburg <stefanhetzwaantje@gmail.com>
Date: Tue, 3 Nov 2009 23:23:54 +0100
Subject: [PATCH] Changed all the sscanf calls to use the %n directive. By
 comparing the     result of this directive with the length of the token, you
 can be     sure the user entered an integer only, and not something like '1a'
     (which would have been valid before, and would have yielded 1).

---
 add.c  | 5 +++--
 del.c  | 5 +++--
 mark.c | 3 ++-
 show.c | 5 +++--
 4 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/add.c b/add.c
index 8ecbc7f..6f4bd33 100644
--- a/add.c
+++ b/add.c
@@ -34,6 +34,7 @@ char *escape(char *string) {
 int add(sqlite3 *db, MArray tokens) {
     int parent = -1;
     int valid_parent;
+    int parsed;
     char *description;
     char *escapedDescription;
     char *query;
@@ -44,8 +45,8 @@ int add(sqlite3 *db, MArray tokens) {
         add_help();
         return 0;
     } else if (tokens->len == 2) {
-        if (sscanf(myarray_get(tokens, char *, 1), "%d", &parent) != 1 || parent < 0) {
-            printf("Invalid argument: PARENT must be a positive integer.\n");
+        if (sscanf(myarray_get(tokens, char *, 1), "%d%n", &parent, &parsed) < 1 || parsed != strlen(myarray_get(tokens, char *, 1)) ||  parent < 0) {
+            printf("Invalid argument. PARENT must be a positive integer.\n");
             add_help();
             return 0;
         }
diff --git a/del.c b/del.c
index 7df632d..96ff2d0 100644
--- a/del.c
+++ b/del.c
@@ -14,6 +14,7 @@ int del(sqlite3 *db, MArray tokens) {
     char *errmsg;
     int todo;
     int retVal;
+    int parsed;
     int hasChildren = 0;
     sqlite3_stmt *statement;
 
@@ -27,8 +28,8 @@ int del(sqlite3 *db, MArray tokens) {
         return 0;
     }
 
-    if (sscanf(myarray_get(tokens, char *, 1), "%d", &todo) != 1) {
-        printf("TODO# must be a number\n");
+    if (sscanf(myarray_get(tokens, char *, 1), "%d%n", &todo, &parsed) < 1 || parsed != strlen(myarray_get(tokens, char *, 1)) || todo < 0) {
+        printf("Invalid argument. TODO# must be a positive integer.\n");
         return 0;
     }
 
diff --git a/mark.c b/mark.c
index 67eced8..69433d5 100644
--- a/mark.c
+++ b/mark.c
@@ -78,6 +78,7 @@ int mark(sqlite3 *db, MArray tokens) {
     char *query;
     int todo;
     int retVal;
+    int parsed;
     int exists = 0;
 
     if (tokens->len == 2 && !strcmp(myarray_get(tokens, char *, 1), "help")) {
@@ -89,7 +90,7 @@ int mark(sqlite3 *db, MArray tokens) {
         return 0;
     }
 
-    if (sscanf(myarray_get(tokens, char *, 1), "%d", &todo) != 1 || todo < 0) {
+    if (sscanf(myarray_get(tokens, char *, 1), "%d%n", &todo, &parsed) < 1 || parsed != strlen(myarray_get(tokens, char *, 1)) || todo < 0) {
         printf("Invalid argument. TODO# must be a positive integer.\n");
         mark_help();
         return 0;
diff --git a/show.c b/show.c
index 7374d9b..1536fca 100644
--- a/show.c
+++ b/show.c
@@ -11,6 +11,7 @@ int show(sqlite3 *db, MArray tokens) {
     sqlite3_stmt *statement;
     int retVal;
     int todo;
+    int parsed;
     char *query;
 
     if (tokens->len == 2 && !strcmp(myarray_get(tokens, char *, 1), "help")) {
@@ -22,8 +23,8 @@ int show(sqlite3 *db, MArray tokens) {
         return 0;
     }
 
-    if (sscanf(myarray_get(tokens, char *, 1), "%d", &todo) != 1) {
-        printf("TODO# should be an actual number.\n");
+    if (sscanf(myarray_get(tokens, char *, 1), "%d%n", &todo, &parsed) < 1 || parsed != strlen(myarray_get(tokens, char *, 1)) || todo < 0) {
+        printf("Invalid argument. TODO# must be a positive integer.\n");
         show_help();
         return 0;
     }
-- 
2.11.4.GIT