From 464a609f2c114fa8191d60bf7473a9fec20d16eb Mon Sep 17 00:00:00 2001
From: Jos De Graeve <Jos.DeGraeve@apertoso.be>
Date: Fri, 10 Nov 2017 12:25:09 +0100
Subject: [PATCH] FIX better handle null terminated string input from clock

There is no guarantee about what is after the first null byte
in ordinary C strings.  When string buffers are read, the
current code fails when garbage is sent after the first null byte.

This patch causes everything after the first byte to be discarded.
---
 zk/base.py | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/zk/base.py b/zk/base.py
index 2068dd3..82432cc 100644
--- a/zk/base.py
+++ b/zk/base.py
@@ -222,7 +222,7 @@ class ZK(object):
 
         cmd_response = self.__send_command(command, command_string, checksum, session_id, reply_id, response_size)
         if cmd_response.get('status'):
-            firmware_version = self.__data_recv[8:].strip('\x00|\x01\x10x')
+            firmware_version = self.__data_recv[8:].split('\x00')[0]
             return firmware_version
         else:
             raise ZKErrorResponse("Invalid response")
@@ -240,7 +240,7 @@ class ZK(object):
 
         cmd_response = self.__send_command(command, command_string, checksum, session_id, reply_id, response_size)
         if cmd_response.get('status'):
-            serialnumber = self.__data_recv[8:].split('=')[-1].strip('\x00|\x01\x10x')
+            serialnumber = self.__data_recv[8:].split('=')[-1].split('\x00')[0]
             return serialnumber
         else:
             raise ZKErrorResponse("Invalid response")
@@ -384,10 +384,10 @@ class ZK(object):
 
                             uid = u1 + (u2 * 256)
                             privilege = int(privilege.encode("hex"), 16)
-                            password = unicode(password.strip('\x00|\x01\x10x'), errors='ignore')
-                            name = unicode(name.strip('\x00|\x01\x10x'), errors='ignore')
-                            group_id = unicode(group_id.strip('\x00|\x01\x10x'), errors='ignore')
-                            user_id = unicode(user_id.strip('\x00|\x01\x10x'), errors='ignore')
+                            password = unicode(password.split('\x00')[0], errors='ignore')
+                            name = unicode(name.split('\x00')[0], errors='ignore')
+                            group_id = unicode(group_id.split('\x00')[0], errors='ignore')
+                            user_id = unicode(user_id.split('\x00')[0], errors='ignore')
 
                             user = User(uid, name, privilege, password, group_id, user_id)
                             users.append(user)
@@ -481,7 +481,7 @@ class ZK(object):
                         while len(attendance_data) >= 38:
                             user_id, sparator, timestamp, status, space = unpack('24sc4sc10s', attendance_data.ljust(40)[:40])
 
-                            user_id = user_id.strip('\x00|\x01\x10x')
+                            user_id = user_id.split('\x00')[0]
                             timestamp = self.__decode_time(timestamp)
                             status = int(status.encode("hex"), 16)