Replace 4 more sscanf()s with tor_sscanf()

For some inexplicable reason, Coverity departs from its usual
standards of avoiding false positives here, and warns about all
sscanf usage, even when the formatting strings are totally safe.

Addresses CID # 447, 446.

changes/cov217_scanf

@@ -0,0 +1,5 @@
+  o Code simplification and refactoring:
+    - Use tor_sscanf in place of scanf in more places through the
+      code. This makes us a little more locale-independent, and
+      should help shut up code-analysis tools that can't tell
+      a safe sscanf string from a dangerous one.

src/common/compat_libevent.c

@@ -264,7 +264,7 @@ tor_decode_libevent_version(const char *v)
 
   /* Try the new preferred "1.4.11-stable" format.
    * Also accept "1.4.14b-stable". */
-  fields = sscanf(v, "%u.%u.%u%c%c", &major, &minor, &patchlevel, &c, &e);
+  fields = tor_sscanf(v, "%u.%u.%u%c%c", &major, &minor, &patchlevel, &c, &e);
   if (fields == 3 ||
       ((fields == 4 || fields == 5 ) && (c == '-' || c == '_')) ||
       (fields == 5 && TOR_ISALPHA(c) && (e == '-' || e == '_'))) {
@@ -272,7 +272,7 @@ tor_decode_libevent_version(const char *v)
   }
 
   /* Try the old "1.3e" format. */
-  fields = sscanf(v, "%u.%u%c%c", &major, &minor, &c, &extra);
+  fields = tor_sscanf(v, "%u.%u%c%c", &major, &minor, &c, &extra);
   if (fields == 3 && TOR_ISALPHA(c)) {
     return V_OLD(major, minor, c);
   } else if (fields == 2) {

src/or/geoip.c

@@ -116,10 +116,10 @@ geoip_parse_entry(const char *line)
     ++line;
   if (*line == '#')
     return 0;
-  if (sscanf(line,"%u,%u,%2s", &low, &high, b) == 3) {
+  if (tor_sscanf(line,"%u,%u,%2s", &low, &high, b) == 3) {
     geoip_add_entry(low, high, b);
     return 0;
-  } else if (sscanf(line,"\"%u\",\"%u\",\"%2s\",", &low, &high, b) == 3) {
+  } else if (tor_sscanf(line,"\"%u\",\"%u\",\"%2s\",", &low, &high, b) == 3) {
     geoip_add_entry(low, high, b);
     return 0;
   } else {