Relays should drop/destroy begin cells with streamid 0
Properly behaving clients can't generate a begin cell with streamid 0:
if (test_stream_id == 0) goto again;
but if such a begin cell does arrive at an exit, it will still launch the stream. And since relay_lookup_conn() returns NULL if streamid is 0, so there's no way to address another cell (e.g. a relay end cell) to this stream. It opens but can never be closed.
This is an issue for RELAY_COMMAND_BEGIN, RELAY_COMMAND_BEGIN_DIR, and RELAY_COMMAND_RESOLVE in particular. But we should solve it for all non-control relay cells:
1 -- RELAY_BEGIN [forward] 2 -- RELAY_DATA [forward or backward] 3 -- RELAY_END [forward or backward] 4 -- RELAY_CONNECTED [backward] 11 -- RELAY_RESOLVE [forward] 12 -- RELAY_RESOLVED [backward] 13 -- RELAY_BEGIN_DIR [forward]
I think the resolution could be to kill the circuit for breaking protocol?
Bug reported by oftc_must_be_destroyed on oftc.