From d37434d022ee6851f047f94483ebb1c9132af908 Mon Sep 17 00:00:00 2001
From: Valentin Deniaud <vdeniaud@entrouvert.com>
Date: Thu, 29 Apr 2021 11:13:59 +0200
Subject: [PATCH] csv_import: handle null bytes (#53323)

---
 src/authentic2/csv_import.py |  8 ++++++--
 tests/test_csv_import.py     | 10 ++++++++++
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/src/authentic2/csv_import.py b/src/authentic2/csv_import.py
index fcd2c05c..200f6852 100644
--- a/src/authentic2/csv_import.py
+++ b/src/authentic2/csv_import.py
@@ -172,8 +172,12 @@ class CsvImporter(object):
             if not dialect:
                 self.error = Error('unknown-csv-dialect', _('Unknown CSV dialect'))
                 return False
-            reader = UnicodeReader(input_fd, dialect)
-            self.rows = list(reader)
+            try:
+                reader = UnicodeReader(input_fd, dialect)
+                self.rows = list(reader)
+            except (csv.Error, TypeError) as e:
+                self.error = Error('csv-read-error', str(e))
+                return False
             return True
 
         with input_fd:
diff --git a/tests/test_csv_import.py b/tests/test_csv_import.py
index ae9e238d..8b674327 100644
--- a/tests/test_csv_import.py
+++ b/tests/test_csv_import.py
@@ -93,6 +93,16 @@ def test_bad_csv_encoding(profile):
     assert importer.error == Error('bad-encoding')
 
 
+def test_null_byte(profile):
+    importer = CsvImporter()
+    assert not importer.run(b'email key,first_name\n1,\x00', 'ascii')
+    assert importer.error == Error('csv-read-error')
+
+    importer = CsvImporter()
+    assert not importer.run(b'\x00', 'ascii')
+    assert importer.error == Error('csv-read-error')
+
+
 def test_empty_header_row_error(profile, user_csv_importer_factory):
     importer = user_csv_importer_factory('\n1,2,3')
     assert not importer.run()
-- 
2.20.1