Defensive programming: Use tor_malloc_zero() in var_cell_new()
To be sure that we don't leak any memory to the network (a la CVE-2011-4576), it would be good if we used tor_malloc_zero() in var_cell_new(). We currently use tor_malloc() which does not clean memory.
We currently seem to be setting var_cell_t.payload and var_cell_t.payload_len correctly before calls to connection_or_write_var_cell_to_buf(), but it would be good to future-proof ourselves.
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information