This behaviour also occurs in 3.3, where this does appear to be a bug. In Modules/_ctypes/cfield.c, the setting code does a strlen(), which is in fact questioned in a comment. In function s_set():

size = strlen(data); /* XXX Why not Py_SIZE(value)? */

Why not, indeed? value is the bytes object passed in, and using Py_SIZE does indeed copy all the bytes. However, it's operating in string rather than buffer mode: for example, it adds a byte for a terminating NUL, so if the 5-byte value b'x\x00y\x00z' were passed, 6 bytes are actually copied. This doesn't seem right.

Even after changing s_set to use Py_SIZE, you can't see the copied bytes when you access the attribute, since the code in s_get() skips out at the first NUL byte and then constructs using PyBytes_FromStringAndSize and the truncated size. One can see the convenience of avoiding the display of lots of NUL chars, but it doesn't seem correct to do this.

On 2.x it's a bit muddier, as arrays of c_char could be using ASCII strings, where a NUL terminator might be appropriate to consider.