I thought null bytes were not allowed in shellcode. While understanding some shellcode, I seem to have come across some code that contains null's and works perfect, why is this?
The problem with null bytes in shellcode is only for cases when it is injected using overflows in string handling with C standard string library, where null byte means end of string and so copying shall stop on it. Exploiting buffer overflow with C-style string was the most popular shellcode injection approach in mid-90s. Currently, most C code is (AFAIK) protected from this using another functions (either OpenBSD strlcpy/strlcat set, *_s() set, or home-grown functions), and less old environments as C++ had already got string library without null byte termination. Currently, most exploits use some programming errors as too small buffer, or incoming value mischecking when it shall be between some bounds.
I didn't analyze the code you linked but seems it uses incorrect handling of TLVs in binary data. It anyway is null-safe due to binary data handling (but exploitable in another way).