You're right there's a refcount leak.  Can you rework the patch to avoid this?  One way would be to remove the later INCREF(value) and move that into the code for when value is already a unicode. Then all the error returns from them on must DECREF(value).

Also, the test for null bytes is not correct if there can be non-ASCII characters in the name (as Martin will eventually implement), since it is comparing the strlen() of the 8-bit string (which is UTF-8) with the length of the Unicode string.  I wonder if we shouldn't add a generic API that checks for null characters in a string, as I expect we'll need this in other places too and the correct idiom is much more complicated now.

I also think that you might be able to simply insist on unicode, rather than accepting both string and unicode.  That way we'll find any remaining offenders more quickly (probably there aren't many).