From f9e2c7b1fe582b8ba1f6998c071e2a7635dd9d5d Mon Sep 17 00:00:00 2001
From: Simon Tatham
Date: Mon, 1 Apr 2019 20:15:49 +0100
Subject: [PATCH] Uppity: option to disallow SSH-1 compression.

With this and the ciphers, I think we've now got the full range of SSH-1 config options (such as they are) that correspond to varying the KEXINIT strings in SSH-2.
---
 ssh1connection-server.c | 2 +-
 sshserver.h | 1 +
 unix/uxserver.c | 4 ++++
 3 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/ssh1connection-server.c b/ssh1connection-server.c
index ee05fbd2..6cef5012 100644
--- a/ssh1connection-server.c
+++ b/ssh1connection-server.c
@@ -97,7 +97,7 @@ bool ssh1_handle_direction_specific_packet(
 return true;
 case SSH1_CMSG_REQUEST_COMPRESSION:
- if (s->compressing) {
+ if (s->compressing || !s->ssc->ssh1_allow_compression) {
 pktout = ssh_bpp_new_pktout(s->ppl.bpp, SSH1_SMSG_FAILURE);
 pq_push(s->ppl.out_pq, pktout);
 } else {
diff --git a/sshserver.h b/sshserver.h
index 5afa4b14..129d6fec 100644
--- a/sshserver.h
+++ b/sshserver.h
@@ -15,6 +15,7 @@ struct SshServerConfig {
 bool exit_signal_numeric; /* mimic an old server bug */
 unsigned long ssh1_cipher_mask;
+ bool ssh1_allow_compression;
 };
 Plug *ssh_server_plug(
diff --git a/unix/uxserver.c b/unix/uxserver.c
index 5698152b..1860ece2 100644
--- a/unix/uxserver.c
+++ b/unix/uxserver.c
@@ -338,6 +338,7 @@ static void show_help(FILE *fp)
 " --kexinit-sccomp STR override list of SSH-2 "
 "s->c compression types\n"
 " --ssh1-ciphers STR override list of SSH-1 ciphers\n"
+ " --ssh1-no-compression forbid compression in SSH-1\n"
 " --exitsignum send buggy numeric \"exit-signal\" "
 "message\n"
 " --verbose print event log messages to standard "
@@ -539,6 +540,7 @@ int main(int argc, char **argv)
 ssc.session_starting_dir = getenv("HOME");
 ssc.ssh1_cipher_mask = SSH1_SUPPORTED_CIPHER_MASK;
+ ssc.ssh1_allow_compression = true;
 if (argc <= 1) {
 /*
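Review bot: In the `SSH1_CMSG_REQUEST_COMPRESSION` case of ssh1connection-server.c, a refusal caused by configuration is now indistinguishable from the existing "already compressing" refusal: both take the same `SSH1_SMSG_FAILURE` branch, and nothing in the hunk says which condition fired. This appears to be a test server whose purpose is to exercise client behaviour, so I would at least add a comment above the test, `/* Refuse a repeated request, or any request when the config forbids SSH-1 compression */`, and consider an event-log entry for the policy case. The `else` branch and the rest of the function lie outside the hunk, so how the request's payload is handled on the refusal path cannot be checked from here.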
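Review bot: The new `ssh1_allow_compression` field in `struct SshServerConfig` (sshserver.h) has positive polarity with an intended default of true, so any code that builds an `SshServerConfig` without assigning it (a zero-initialised struct, for instance) will now refuse SSH-1 compression where it previously accepted it. The only initialiser this commit touches is `main()` in unix/uxserver.c; if others exist outside this patch they need the same assignment. Refusing is the restrictive direction, so nothing is exposed by missing one, but the behaviour change would be silent. A comment on the field, e.g. `bool ssh1_allow_compression; /* front end must set this; false refuses SSH1_CMSG_REQUEST_COMPRESSION */`, would make the contract explicit.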
@@ -760,6 +762,8 @@ int main(int argc, char **argv)
 exit(1);
 }
 ssc.ssh1_cipher_mask = mask;
+ } else if (longoptnoarg(arg, "--ssh1-no-compression")) {
+ ssc.ssh1_allow_compression = false;
 } else if (longoptnoarg(arg, "--exitsignum")) {
 ssc.exit_signal_numeric = true;
 } else if (longoptarg(arg, "--sshlog", &val, &argc, &argv) ||