extend_cell_parse: don't try to parse payload if zero length
If the payload length for an EXTEND2 cell is zero, extend_cell_parse() still tries to parse it with:
    uint8_t n_specs = *payload
This bug should be harmless, as
    if (eop - payload < 2)
is still true.
The fixed code should look like:
    uint8_t n_specs = 0;
    ...
    if (eop - payload > 0)
      ++payload;
    ...
or
    uint8_t n_specs;
    ...
    if (eop - payload < 1)
      return -1;
    cell_out->cell_type = RELAY_COMMAND_EXTEND2;
    ++payload;
or drop the cell for any cell type if it has zero length:
    int
    extend_cell_parse(extend_cell_t *cell_out, const uint8_t command,
                      const uint8_t *payload, size_t payload_length)
    {
      const uint8_t *eop;
      memset(cell_out, 0, sizeof(*cell_out));
      if (payload_length > RELAY_PAYLOAD_SIZE || 0 == payload_length)
        return -1;
or something.
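
Added example, not part of the original ticket and not the project's code: a stand-alone sketch of the second fix above, where the length is checked before the count byte is read and every later read is bounded by eop. The function name parse_link_specs and the [type][len][body] entry layout are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified, hypothetical parser for a list laid out as
 * [n_specs:1] then n_specs x [type:1][len:1][len bytes].
 * Returns bytes consumed, or -1 if the payload is truncated. */
static int
parse_link_specs(const uint8_t *payload, size_t payload_length,
                 uint8_t *n_specs_out)
{
  const uint8_t *p = payload;
  const uint8_t *eop = payload + payload_length;
  uint8_t n_specs;
  int i;

  /* Length check first: with payload_length == 0, *p would read a byte
   * that is not part of the payload. */
  if (eop - p < 1)
    return -1;
  n_specs = *p++;

  for (i = 0; i < n_specs; ++i) {
    uint8_t speclen;
    if (eop - p < 2)        /* type and length bytes */
      return -1;
    speclen = p[1];
    p += 2;
    if (eop - p < speclen)  /* specifier body */
      return -1;
    p += speclen;
  }
  *n_specs_out = n_specs;
  return (int)(p - payload);
}

int
main(void)
{
  /* Constructed sample: two specifiers, bodies of 6 and 2 bytes. */
  static const uint8_t sample[] = {2, 0, 6, 127, 0, 0, 1, 0x23, 0x29,
                                   0x7f, 2, 0xaa, 0xbb};
  uint8_t n = 0;
  printf("full: %d\n", parse_link_specs(sample, sizeof(sample), &n));
  printf("zero length: %d\n", parse_link_specs(sample, 0, &n));
  printf("truncated: %d\n", parse_link_specs(sample, 5, &n));
  return 0;
}
```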