From e818700734c91f78d36a4d38be2b860a6def3350 Mon Sep 17 00:00:00 2001
From: khalid <khalidmamdou7@gmail.com>
Date: Wed, 15 Mar 2023 01:39:47 +0200
Subject: [PATCH] Disabled preauth compression (zlib) by default

Removed it from the wanted methods list in the ssh_options_set function. Now users have to set the compression value to 'zlib' explicitly to enable it.
Updated unit tests to reflect removing zlib compression algo from the defaults compression algorithms.

Signed-off-by: Khalid Mamdouh <khalidmamdou7@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit cb19677d2ef69cc25ed309b5f7e845e56b047823)
---
 src/options.c                     |  8 ++++----
 tests/unittests/torture_config.c  |  4 ++--
 tests/unittests/torture_options.c | 12 ++++++------
 3 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/src/options.c b/src/options.c
index 8d18131e..605f3548 100644
--- a/src/options.c
+++ b/src/options.c
@@ -875,10 +875,10 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
                 return -1;
             } else {
                 if (strcasecmp(value,"yes")==0){
-                    if(ssh_options_set_algo(session,SSH_COMP_C_S,"zlib@openssh.com,zlib,none") < 0)
+                    if(ssh_options_set_algo(session,SSH_COMP_C_S,"zlib@openssh.com,none") < 0)
                         return -1;
                 } else if (strcasecmp(value,"no")==0){
-                    if(ssh_options_set_algo(session,SSH_COMP_C_S,"none,zlib@openssh.com,zlib") < 0)
+                    if(ssh_options_set_algo(session,SSH_COMP_C_S,"none,zlib@openssh.com") < 0)
                         return -1;
                 } else {
                     if (ssh_options_set_algo(session, SSH_COMP_C_S, v) < 0)
@@ -893,10 +893,10 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
                 return -1;
             } else {
                 if (strcasecmp(value,"yes")==0){
-                    if(ssh_options_set_algo(session,SSH_COMP_S_C,"zlib@openssh.com,zlib,none") < 0)
+                    if(ssh_options_set_algo(session,SSH_COMP_S_C,"zlib@openssh.com,none") < 0)
                         return -1;
                 } else if (strcasecmp(value,"no")==0){
-                    if(ssh_options_set_algo(session,SSH_COMP_S_C,"none,zlib@openssh.com,zlib") < 0)
+                    if(ssh_options_set_algo(session,SSH_COMP_S_C,"none,zlib@openssh.com") < 0)
                         return -1;
                 } else {
                     if (ssh_options_set_algo(session, SSH_COMP_S_C, v) < 0)
diff --git a/tests/unittests/torture_config.c b/tests/unittests/torture_config.c
index d8a6197a..22b984d9 100644
--- a/tests/unittests/torture_config.c
+++ b/tests/unittests/torture_config.c
@@ -541,9 +541,9 @@ static void torture_config_new(void ** state,
     assert_string_equal(session->opts.bindaddr, BIND_ADDRESS);
 #ifdef WITH_ZLIB
     assert_string_equal(session->opts.wanted_methods[SSH_COMP_C_S],
-                        "zlib@openssh.com,zlib,none");
+                        "zlib@openssh.com,none");
     assert_string_equal(session->opts.wanted_methods[SSH_COMP_S_C],
-                        "zlib@openssh.com,zlib,none");
+                        "zlib@openssh.com,none");
 #else
     assert_string_equal(session->opts.wanted_methods[SSH_COMP_C_S],
                         "none");
diff --git a/tests/unittests/torture_options.c b/tests/unittests/torture_options.c
index c6818dc5..45811c1b 100644
--- a/tests/unittests/torture_options.c
+++ b/tests/unittests/torture_options.c
@@ -987,9 +987,9 @@ static void torture_options_getopt(void **state)
     assert_string_equal(session->opts.identity_non_exp->root->data, "id_rsa");
 #ifdef WITH_ZLIB
     assert_string_equal(session->opts.wanted_methods[SSH_COMP_C_S],
-                        "zlib@openssh.com,zlib,none");
+                        "zlib@openssh.com,none");
     assert_string_equal(session->opts.wanted_methods[SSH_COMP_S_C],
-                        "zlib@openssh.com,zlib,none");
+                        "zlib@openssh.com,none");
 #else
     assert_string_equal(session->opts.wanted_methods[SSH_COMP_C_S],
                         "none");
@@ -1068,9 +1068,9 @@ static void torture_options_getopt(void **state)
     assert_ssh_return_code(session, rc);
 #ifdef WITH_ZLIB
     assert_string_equal(session->opts.wanted_methods[SSH_COMP_C_S],
-                        "none,zlib@openssh.com,zlib");
+                        "none,zlib@openssh.com");
     assert_string_equal(session->opts.wanted_methods[SSH_COMP_S_C],
-                        "none,zlib@openssh.com,zlib");
+                        "none,zlib@openssh.com");
 #else
     assert_string_equal(session->opts.wanted_methods[SSH_COMP_C_S],
                         "none");
@@ -1084,9 +1084,9 @@ static void torture_options_getopt(void **state)
     assert_string_equal(argv[0], EXECUTABLE_NAME);
 #ifdef WITH_ZLIB
     assert_string_equal(session->opts.wanted_methods[SSH_COMP_C_S],
-                        "zlib@openssh.com,zlib,none");
+                        "zlib@openssh.com,none");
     assert_string_equal(session->opts.wanted_methods[SSH_COMP_S_C],
-                        "zlib@openssh.com,zlib,none");
+                        "zlib@openssh.com,none");
 #else
     assert_string_equal(session->opts.wanted_methods[SSH_COMP_C_S],
                         "none");