Check stream SENDME against max
In connection_edge_process_relay_cell() under the RELAY_COMMAND_SENDME handling, we check the circuit-level sendme against the window START_MAX, but we do not check the stream level SENDME against any max
This means that an attacker can send as many stream-level sendme's on a circuit as they like, inflating the stream window as large as they like. This might be a serious OOM bug, but the circuit level SENDME check should prevent that, I think.
Even so, it would be nice to fix this in 0.3.4, so that the vanguards script's detection of invalid/dropped circuit data is more accurate.