From cb19677d2ef69cc25ed309b5f7e845e56b047823 Mon Sep 17 00:00:00 2001
From: khalid <khalidmamdou7@gmail.com>
Date: Wed, 15 Mar 2023 01:39:47 +0200
Subject: [PATCH] Disabled preauth compression (zlib) by default

Removed it from the wanted methods list in the ssh_options_set function. Now users have to set the compression value to 'zlib' explicitly to enable it.
Updated unit tests to reflect removing zlib compression algo from the defaults compression algorithms.

Signed-off-by: Khalid Mamdouh <khalidmamdou7@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
---
 src/options.c                     |  8 ++++----
 tests/unittests/torture_config.c  |  4 ++--
 tests/unittests/torture_options.c | 12 ++++++------
 3 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/src/options.c b/src/options.c
index 3a19cd42..8375705b 100644
--- a/src/options.c
+++ b/src/options.c
@@ -940,9 +940,9 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
             } else {
                 const char *tmp = v;
                 if (strcasecmp(value, "yes") == 0){
-                    tmp = "zlib@openssh.com,zlib,none";
+                    tmp = "zlib@openssh.com,none";
                 } else if (strcasecmp(value, "no") == 0){
-                    tmp = "none,zlib@openssh.com,zlib";
+                    tmp = "none,zlib@openssh.com";
                 }
                 rc = ssh_options_set_algo(session,
                                           SSH_COMP_C_S,
@@ -960,9 +960,9 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
             } else {
                 const char *tmp = v;
                 if (strcasecmp(value, "yes") == 0){
-                    tmp = "zlib@openssh.com,zlib,none";
+                    tmp = "zlib@openssh.com,none";
                 } else if (strcasecmp(value, "no") == 0){
-                    tmp = "none,zlib@openssh.com,zlib";
+                    tmp = "none,zlib@openssh.com";
                 }
 
                 rc = ssh_options_set_algo(session,
diff --git a/tests/unittests/torture_config.c b/tests/unittests/torture_config.c
index ee7f17c3..0778ee32 100644
--- a/tests/unittests/torture_config.c
+++ b/tests/unittests/torture_config.c
@@ -579,9 +579,9 @@ static void torture_config_new(void ** state,
     assert_string_equal(session->opts.bindaddr, BIND_ADDRESS);
 #ifdef WITH_ZLIB
     assert_string_equal(session->opts.wanted_methods[SSH_COMP_C_S],
-                        "zlib@openssh.com,zlib,none");
+                        "zlib@openssh.com,none");
     assert_string_equal(session->opts.wanted_methods[SSH_COMP_S_C],
-                        "zlib@openssh.com,zlib,none");
+                        "zlib@openssh.com,none");
 #else
     assert_string_equal(session->opts.wanted_methods[SSH_COMP_C_S],
                         "none");
diff --git a/tests/unittests/torture_options.c b/tests/unittests/torture_options.c
index 79c3787d..8d91e30d 100644
--- a/tests/unittests/torture_options.c
+++ b/tests/unittests/torture_options.c
@@ -982,9 +982,9 @@ static void torture_options_getopt(void **state)
     assert_string_equal(session->opts.identity_non_exp->root->data, "id_rsa");
 #ifdef WITH_ZLIB
     assert_string_equal(session->opts.wanted_methods[SSH_COMP_C_S],
-                        "zlib@openssh.com,zlib,none");
+                        "zlib@openssh.com,none");
     assert_string_equal(session->opts.wanted_methods[SSH_COMP_S_C],
-                        "zlib@openssh.com,zlib,none");
+                        "zlib@openssh.com,none");
 #else
     assert_string_equal(session->opts.wanted_methods[SSH_COMP_C_S],
                         "none");
@@ -1052,9 +1052,9 @@ static void torture_options_getopt(void **state)
     assert_ssh_return_code(session, rc);
 #ifdef WITH_ZLIB
     assert_string_equal(session->opts.wanted_methods[SSH_COMP_C_S],
-                        "none,zlib@openssh.com,zlib");
+                        "none,zlib@openssh.com");
     assert_string_equal(session->opts.wanted_methods[SSH_COMP_S_C],
-                        "none,zlib@openssh.com,zlib");
+                        "none,zlib@openssh.com");
 #else
     assert_string_equal(session->opts.wanted_methods[SSH_COMP_C_S],
                         "none");
@@ -1068,9 +1068,9 @@ static void torture_options_getopt(void **state)
     assert_string_equal(argv[0], EXECUTABLE_NAME);
 #ifdef WITH_ZLIB
     assert_string_equal(session->opts.wanted_methods[SSH_COMP_C_S],
-                        "zlib@openssh.com,zlib,none");
+                        "zlib@openssh.com,none");
     assert_string_equal(session->opts.wanted_methods[SSH_COMP_S_C],
-                        "zlib@openssh.com,zlib,none");
+                        "zlib@openssh.com,none");
 #else
     assert_string_equal(session->opts.wanted_methods[SSH_COMP_C_S],
                         "none");