diff -r 22f1ddac9cb7 Lib/test/test_winreg.py --- a/Lib/test/test_winreg.py Fri Jan 01 12:24:12 2016 -0600 +++ b/Lib/test/test_winreg.py Fri Jan 01 20:32:35 2016 -0600 @@ -56,7 +56,7 @@ def delete_tree(self, root, subkey): try: - hkey = OpenKey(root, subkey, KEY_ALL_ACCESS) + hkey = OpenKey(root, subkey, 0, KEY_ALL_ACCESS) except OSError: # subkey does not exist return @@ -367,6 +367,18 @@ finally: DeleteKey(HKEY_CURRENT_USER, test_key_name) + def test_read_string_containing_null(self): + # Test for issue 25778: REG_SZ should not contain null characters + try: + with CreateKey(HKEY_CURRENT_USER, test_key_name) as ck: + self.assertNotEqual(ck.handle, 0) + test_val = "A string\x00 with a null" + SetValueEx(ck, "test_name", 0, REG_SZ, test_val) + ret_val, ret_type = QueryValueEx(ck, "test_name") + self.assertEqual(ret_type, REG_SZ) + self.assertEqual(ret_val, "A string") + finally: + DeleteKey(HKEY_CURRENT_USER, test_key_name) @unittest.skipUnless(REMOTE_NAME, "Skipping remote registry tests") diff -r 22f1ddac9cb7 PC/winreg.c --- a/PC/winreg.c Fri Jan 01 12:24:12 2016 -0600 +++ b/PC/winreg.c Fri Jan 01 20:32:35 2016 -0600 @@ -695,14 +695,13 @@ case REG_SZ: case REG_EXPAND_SZ: { - /* the buffer may or may not have a trailing NULL */ + /* REG_SZ should be a NUL terminated string, but only by + * convention. The buffer may have been saved without a NUL + * or with embedded NULs. To be consistent with reg.exe and + * regedit.exe, consume only up to the first NUL. */ wchar_t *data = (wchar_t *)retDataBuf; - int len = retDataSize / 2; - if (retDataSize && data[len-1] == '\0') - retDataSize -= 2; - if (retDataSize <= 0) - data = L""; - obData = PyUnicode_FromWideChar(data, retDataSize/2); + size_t len = wcsnlen(data, retDataSize / sizeof(wchar_t)); + obData = PyUnicode_FromWideChar(data, len); break; } case REG_MULTI_SZ: