From a3b22b748d9ec12357d5d2835fcfcd65bac134fb Mon Sep 17 00:00:00 2001 From: peace-maker Date: Thu, 24 Oct 2024 15:56:47 +0200 Subject: [PATCH] Throw error when using `sni` and setting `server_hostname` manually in `remote` (#2482) * Throw error when using `sni` and setting `server_hostname` manually in `remote` Prevents silently replacing the `server_hostname` that was provided in `ssl_args`. Fixes #2425 * Update CHANGELOG --- CHANGELOG.md | 2 ++ pwnlib/tubes/remote.py | 2 ++ 2 files changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index fad3a4dd9..d059539ea 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -81,6 +81,7 @@ The table below shows which release corresponds to each branch, and what date th - [#2470][2470] Fix waiting for gdb under WSL2 - [#2479][2479] Support extracting libraries from Docker image in `pwn template` - [#2483][2483] Only print `checksec` output of `ELF.libc` when it was printed for the `ELF` already +- [#2482][2482] Throw error when using `sni` and setting `server_hostname` manually in `remote` [2471]: https://github.com/Gallopsled/pwntools/pull/2471 [2358]: https://github.com/Gallopsled/pwntools/pull/2358 @@ -90,6 +91,7 @@ The table below shows which release corresponds to each branch, and what date th [2470]: https://github.com/Gallopsled/pwntools/pull/2470 [2479]: https://github.com/Gallopsled/pwntools/pull/2479 [2483]: https://github.com/Gallopsled/pwntools/pull/2483 +[2482]: https://github.com/Gallopsled/pwntools/pull/2482 ## 4.14.0 (`beta`) diff --git a/pwnlib/tubes/remote.py b/pwnlib/tubes/remote.py index b84d1d5a5..e9cc82ea0 100644 --- a/pwnlib/tubes/remote.py +++ b/pwnlib/tubes/remote.py @@ -89,6 +89,8 @@ def __init__(self, host, port, import ssl as _ssl ssl_args = ssl_args or {} + if "server_hostname" in ssl_args and sni: + log.error("sni and server_hostname cannot be set at the same time") ssl_context = ssl_context or _ssl.SSLContext(_ssl.PROTOCOL_TLSv1_2) if isinstance(sni, str): ssl_args["server_hostname"] = sni