Stream-isolation code does not handle NULs in SOCKS auth fields properly
The SOCKS server code goes to some trouble to handle any NULs embedded in SOCKS 4 authentication strings and SOCKS 5 usernames and passwords, and it records the lengths of those strings in the socks_request field of the edge_connection_t. Then the stream-isolation code uses strdup and strcmp on them as if they were NUL-terminated strings.
We should handle NULs embedded in those strings properly everywhere, and we should probably also use a comparison function that runs in data-independent time when comparing them.
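The mismatch described above, as an added example that is not Tor's code: two length-delimited auth fields that differ only after an embedded NUL compare equal under strcmp, while a length-aware comparison whose run time does not depend on the bytes tells them apart. The auth_field struct, the helper names and the sample credentials are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical length-delimited SOCKS auth field (not Tor's own struct). */
typedef struct { const unsigned char *data; size_t len; } auth_field;

/* Constructed samples: same bytes before the embedded NUL, different after. */
static const unsigned char USER_A[] = "alice\0session1";
static const unsigned char USER_B[] = "alice\0session2";
static const auth_field FIELD_A = { USER_A, sizeof(USER_A) - 1 };
static const auth_field FIELD_B = { USER_B, sizeof(USER_B) - 1 };

/* Pattern the ticket describes: compare as if NUL-terminated. */
static int field_eq_strcmp(const auth_field *a, const auth_field *b)
{
    return strcmp((const char *)a->data, (const char *)b->data) == 0;
}

/* Length-aware copy that preserves embedded NULs; caller frees. */
static unsigned char *field_dup(const auth_field *f)
{
    unsigned char *copy = malloc(f->len ? f->len : 1);
    if (copy != NULL)
        memcpy(copy, f->data, f->len);
    return copy;
}

/* Length-aware comparison; run time depends on the length, not the bytes. */
static int field_eq_ct(const auth_field *a, const auth_field *b)
{
    unsigned char diff = 0;
    size_t i;
    if (a->len != b->len)
        return 0;
    for (i = 0; i < a->len; i++)
        diff |= (unsigned char)(a->data[i] ^ b->data[i]);
    return diff == 0;
}

int main(void)
{
    printf("strcmp equal: %d, length-aware equal: %d\n",
           field_eq_strcmp(&FIELD_A, &FIELD_B), field_eq_ct(&FIELD_A, &FIELD_B));
    return 0;
}
```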