From 51369854b5a167fef371d04f71e8c81e579e9df6 Mon Sep 17 00:00:00 2001
From: Dirk Ziegelmeier <dirk@ziegelmeier.net>
Date: Tue, 16 Jan 2018 13:30:31 +0100
Subject: [PATCH] Fix bug #52911: SNMPv3 time window check is not the same as
 RFC3414

---
 src/apps/snmp/snmp_msg.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/apps/snmp/snmp_msg.c b/src/apps/snmp/snmp_msg.c
index d8faf967..562ec60e 100644
--- a/src/apps/snmp/snmp_msg.c
+++ b/src/apps/snmp/snmp_msg.c
@@ -1051,13 +1051,13 @@ snmp_parse_inbound_frame(struct snmp_request *request)
       }
       {
         s32_t time = snmpv3_get_engine_time_internal();
-        if (request->msg_authoritative_engine_time > time) {
+        if (request->msg_authoritative_engine_time > (time + 150)) {
           snmp_stats.notintimewindows++;
           request->msg_flags = SNMP_V3_AUTHNOPRIV;
           request->error_status = SNMP_ERR_NOTINTIMEWINDOW;
           return ERR_OK;
         } else if (time > 150) {
-          if (request->msg_authoritative_engine_time < time - 150) {
+          if (request->msg_authoritative_engine_time < (time - 150)) {
             snmp_stats.notintimewindows++;
             request->msg_flags = SNMP_V3_AUTHNOPRIV;
             request->error_status = SNMP_ERR_NOTINTIMEWINDOW;