conflux_send_switch_command: Messages too long?

Have a look at conflux_send_switch_command. It does this:

  /* Send the switch command to the new hop */
  if (CIRCUIT_IS_ORIGIN(send_circ)) {
    relay_send_command_from_edge(0, send_circ,
                               RELAY_COMMAND_CONFLUX_SWITCH,
                               (const char*)cell.payload,
                               RELAY_PAYLOAD_SIZE,
                               TO_ORIGIN_CIRCUIT(send_circ)->cpath->prev);
  } else {
    relay_send_command_from_edge(0, send_circ,
                               RELAY_COMMAND_CONFLUX_SWITCH,
                               (const char*)cell.payload,
                                 RELAY_PAYLOAD_SIZE,
                                 NULL);
  }

Note the use of RELAY_PAYLOAD_SIZE here; it's sending the entirety of cell.payload to the other end of the circuit!

Instead, it should just send the switch command.