Handle NULL bytes in get_components() values (#804)

* Handle NULL bytes in get_components() values

Some old software may generate "bogus" CN with each character preceded
by a NULL.

This is already handled in commonName, but wasn't in get_components()

* review fixes (fix py3 test & avoid unpack/cast)

Author: romuald

src/OpenSSL/crypto.py

@@ -695,11 +695,11 @@ def get_components(self):
             nid = _lib.OBJ_obj2nid(fname)
             name = _lib.OBJ_nid2sn(nid)
 
-            result.append((
-                _ffi.string(name),
-                _ffi.string(
-                    _lib.ASN1_STRING_data(fval),
-                    _lib.ASN1_STRING_length(fval))))
+            # ffi.string does not handle strings containing NULL bytes
+            # (which may have been generated by old, broken software)
+            value = _ffi.buffer(_lib.ASN1_STRING_data(fval),
+                                _lib.ASN1_STRING_length(fval))[:]
+            result.append((_ffi.string(name), value))
 
         return result
 

tests/test_crypto.py

@@ -1214,6 +1214,17 @@ def test_load_nul_byte_attribute(self):
         subject = cert.get_subject()
         assert "null.python.org\x00example.org" == subject.commonName
 
+    def test_load_nul_byte_components(self):
+        """
+        An `X509Name` from an `X509` instance loaded from a file can have a
+        NUL byte in the value of its components
+        """
+        cert = load_certificate(FILETYPE_PEM, nulbyteSubjectAltNamePEM)
+        subject = cert.get_subject()
+        components = subject.get_components()
+        ccn = [value for name, value in components if name == b'CN']
+        assert ccn[0] == b'null.python.org\x00example.org'
+
     def test_set_attribute_failure(self):
         """
         If the value of an attribute cannot be set for some reason then