Stream-isolation code does not handle NULs in SOCKS auth fields properly
The SOCKS server code goes to some trouble to handle any NULs embedded in SOCKS 4 authentication strings and SOCKS 5 usernames and passwords, and it records the lengths of those strings in the socks_request field of the edge_connection_t. Then the stream-isolation code uses strcmp on them as if they were NUL-terminated strings.
We should handle NULs embedded in those strings properly everywhere, and we should probably also use a comparison function that runs in data-independent time when comparing them.
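The mismatch described above, as an added example that is not Tor's own code: `auth_field_t`, the helper names and the two sample usernames are hypothetical and constructed for illustration. It shows `strcmp` treating two different length-tracked fields as equal, next to a length-aware comparison with no early exit.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a SOCKS auth field whose length is recorded. */
typedef struct {
  const char *data; /* may contain embedded NUL bytes */
  size_t len;       /* length as recorded by the SOCKS parser */
} auth_field_t;

/* The comparison the ticket describes: stops at the first NUL byte. */
static int fields_equal_strcmp(const auth_field_t *a, const auth_field_t *b)
{
  return strcmp(a->data, b->data) == 0;
}

/* Compares n bytes without exiting early on the first difference. */
static int ct_memeq(const void *a, const void *b, size_t n)
{
  const unsigned char *x = a, *y = b;
  unsigned char diff = 0;
  for (size_t i = 0; i < n; i++)
    diff |= (unsigned char)(x[i] ^ y[i]);
  return diff == 0;
}

/* Length-aware comparison: lengths must match, then all bytes are checked. */
static int fields_equal_len_aware(const auth_field_t *a, const auth_field_t *b)
{
  if (a->len != b->len)
    return 0;
  return ct_memeq(a->data, b->data, a->len);
}

/* Constructed sample usernames: identical up to the embedded NUL. */
static const auth_field_t user_a = { "alice\0one", 9 };
static const auth_field_t user_b = { "alice\0two", 9 };

int main(void)
{
  printf("strcmp says equal:      %d\n", fields_equal_strcmp(&user_a, &user_b));
  printf("length-aware says equal: %d\n", fields_equal_len_aware(&user_a, &user_b));
  return 0;
}
```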