keypin_load_journal_impl() might break if journal file contains NUL
The journal file reader loop in src/or/keypin.c only uses end of file or '\n' to find the end of a line, so if a line contains a NUL we may end up passing a string with one in the middle to other things:
367 STATIC int
368 keypin_load_journal_impl(const char *data, size_t size,
369 keypin_journal_pruner_t *pruner)
370 {
371 const char *start = data, *end = data + size, *next;
372
373 int n_corrupt_lines = 0;
374 int n_entries = 0;
375 int n_duplicates = 0;
376 int n_conflicts = 0;
377
378 for (const char *cp = start; cp < end; cp = next) {
379 const char *eol = memchr(cp, '\n', end-cp);
380 const char *eos = eol ? eol : end;
381 const size_t len = eos - cp;
We should think about this more and make sure this is safe.