Throw error when using sni and setting server_hostname manually i…

…n `remote` (#2482) * Throw error when using `sni` and setting `server_hostname` manually in `remote` Prevents silently replacing the `server_hostname` that was provided in `ssl_args`. Fixes #2425 * Update CHANGELOG
Gallopsled · Oct 24, 2024 · a3b22b7 · a3b22b7
1 parent 584ecca
commit a3b22b7
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -81,6 +81,7 @@ The table below shows which release corresponds to each branch, and what date th
 - [#2470][2470] Fix waiting for gdb under WSL2
 - [#2479][2479] Support extracting libraries from Docker image in `pwn template`
 - [#2483][2483] Only print `checksec` output of `ELF.libc` when it was printed for the `ELF` already
+- [#2482][2482] Throw error when using `sni` and setting `server_hostname` manually in `remote`
 
 [2471]: https://github.com/Gallopsled/pwntools/pull/2471
 [2358]: https://github.com/Gallopsled/pwntools/pull/2358
@@ -90,6 +91,7 @@ The table below shows which release corresponds to each branch, and what date th
 [2470]: https://github.com/Gallopsled/pwntools/pull/2470
 [2479]: https://github.com/Gallopsled/pwntools/pull/2479
 [2483]: https://github.com/Gallopsled/pwntools/pull/2483
+[2482]: https://github.com/Gallopsled/pwntools/pull/2482
 
 ## 4.14.0 (`beta`)
 

diff --git a/pwnlib/tubes/remote.py b/pwnlib/tubes/remote.py
@@ -89,6 +89,8 @@ def __init__(self, host, port,
                 import ssl as _ssl
 
                 ssl_args = ssl_args or {}
+                if "server_hostname" in ssl_args and sni:
+                    log.error("sni and server_hostname cannot be set at the same time")
                 ssl_context = ssl_context or _ssl.SSLContext(_ssl.PROTOCOL_TLSv1_2)
                 if isinstance(sni, str):
                     ssl_args["server_hostname"] = sni