-
Notifications
You must be signed in to change notification settings - Fork 107
Python locale unhandled conditions
-
Affected Components : locale
-
Operating System : Linux / Unix
-
Python Versions : 2.6.x, 2.7.x, 3.1.x, 3.2.x, 3.3.x
-
Reproducible : Yes
$ LC_ALL=en_XX python
Python 2.6.5 (r265:79063, Feb 27 2014, 19:44:14)
[GCC 4.4.3] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import locale
>>> locale.getdefaultlocale()
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python2.6/locale.py", line 478, in getdefaultlocale
return _parse_localename(localename)
File "/usr/lib/python2.6/locale.py", line 410, in _parse_localename
raise ValueError, 'unknown locale: %s' % localename
ValueError: unknown locale: en_XX
>>>
>>> locale._build_localename(locale.getdefaultlocale())
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python2.6/locale.py", line 478, in getdefaultlocale
return _parse_localename(localename)
File "/usr/lib/python2.6/locale.py", line 410, in _parse_localename
raise ValueError, 'unknown locale: %s' % localename
ValueError: unknown locale: en_XX
>>>
>>> locale.resetlocale()
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python2.6/locale.py", line 523, in resetlocale
_setlocale(category, _build_localename(getdefaultlocale()))
File "/usr/lib/python2.6/locale.py", line 478, in getdefaultlocale
return _parse_localename(localename)
File "/usr/lib/python2.6/locale.py", line 410, in _parse_localename
raise ValueError, 'unknown locale: %s' % localename
ValueError: unknown locale: en_XX
>>>
To reproduce the problem open python in interactive mode:
$ python -OOBRtt <press enter>
Then type the following lines of code into the interpreter.
import locale
- < enter >
locale.getdefaultlocale()
- < enter >
locale._build_localename(locale.getdefaultlocale())
- < enter >
locale.resetlocale()
- < enter >
Python module 'locale' expects, in ordet to identify the language used in the environment in which it operates, to receive from the operating system a specific value.
The received value will then be compared with a list of "known good" values hard-coded in the module locale
itself.
This list of values can be found in the file locale.py
in the local system files, or online by checking [Python Latest Locale source][07].
This assumption is in many situations invalid and the module itsehas no logic to intercept errors or to handle conditions in which the language is not precisisly declared and matches one of the known values.
If this happens the interpreter will generate a message to inform of an unhadled error condition or Exception
and will exit with error.
In the example we have used a language parameter that we invented and named 'en_XX'
and loaded python using this parameter:
$ LC_ALL=en_XX python
Then we imported the module locale
that should take care of the conditions related to internationalization functions (locale) and we tried to get the information of the language.
>>> locale.getdefaultlocale()
This generated an error in the module 'locale' and because this condition is not handled we had an unrecoverable error represented by the Traceback
message.
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python2.6/locale.py", line 478, in getdefaultlocale
return _parse_localename(localename)
File "/usr/lib/python2.6/locale.py", line 410, in _parse_localename
raise ValueError, 'unknown locale: %s' % localename
ValueError: unknown locale: en_XX
Any other tentative of using the locale
module with the invented language will only generate further errors.
We are not aware on any easy solution other than trying to avoid using 'locale'
for cases like the one examined.
[Python locale][01] [01]:https://docs.python.org/2/library/locale.html
[Language variable][02] [02]:http://www.gnu.org/software/gettext/manual/html_node/The-LANGUAGE-variable.html#The-LANGUAGE-variable
[Python bug 504219][03] [03]:http://bugs.python.org/issue504219
[Python bug 813449][04] [04]:http://bugs.python.org/issue813449
[POSIX Environment Variables][05] [05]:http://pubs.opengroup.org/onlinepubs/7908799/xbd/envvar.html
[POSIX setlocale funtion][06] [06]:http://pubs.opengroup.org/onlinepubs/009695399/functions/setlocale.html
[Python Latest Locale source][07] [07]:http://hg.python.org/cpython/log?rev=locale.py
Main site: pythonsecurity.org
OWASP Page: owasp.org/index.php/OWASP_Python_Security_Project