Defensive programming: Use tor_malloc_zero() in var_cell_new()
To be sure that we don't leak any memory to the network (a la CVE-2011-4576), it would be good if we used tor_malloc_zero()
in var_cell_new()
. We currently use tor_malloc()
which does not clean memory.
We currently seem to be setting var_cell_t.payload
and var_cell_t.payload_len
correctly before calls to connection_or_write_var_cell_to_buf()
, but it would be good to future-proof ourselves.