From 0c957ec03054eb6c8205e9c9d1d05d90ada3898c Mon Sep 17 00:00:00 2001
From: 0rbitingZer0 <0rbitingZer0@proton.me>
Date: Wed, 13 May 2026 22:40:03 +0200
Subject: [PATCH] snmpv3: fix handling packets with invalid
 msgAuthenticationParameters length

Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
---
 src/apps/snmp/snmp_msg.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/apps/snmp/snmp_msg.c b/src/apps/snmp/snmp_msg.c
index f8c75bb7..156b36e3 100644
--- a/src/apps/snmp/snmp_msg.c
+++ b/src/apps/snmp/snmp_msg.c
@@ -946,9 +946,9 @@ snmp_parse_inbound_frame(struct snmp_request *request)
     inbound_msgAuthenticationParameters_offset = pbuf_stream.offset;
     LWIP_UNUSED_ARG(inbound_msgAuthenticationParameters_offset);
     /* Read auth parameters */
-    /* IF_PARSE_ASSERT(tlv.value_len <= SNMP_V3_MAX_AUTH_PARAM_LENGTH); */
+    IF_PARSE_ASSERT(tlv.value_len <= SNMP_V3_MAX_AUTH_PARAM_LENGTH);
     IF_PARSE_EXEC(snmp_asn1_dec_raw(&pbuf_stream, tlv.value_len, request->msg_authentication_parameters,
-                                    &u16_value, tlv.value_len));
+                                    &u16_value, SNMP_V3_MAX_AUTH_PARAM_LENGTH));
     request->msg_authentication_parameters_len = (u8_t)u16_value;
 
     /* msgPrivacyParameters */