dbd30b
diff -urNp a/snmplib/snmp_api.c b/snmplib/snmp_api.c
dbd30b
--- a/snmplib/snmp_api.c	2020-09-29 14:08:09.821479662 +0200
dbd30b
+++ b/snmplib/snmp_api.c	2020-10-01 10:15:46.607374362 +0200
dbd30b
@@ -2731,7 +2731,7 @@ snmpv3_packet_build(netsnmp_session * se
dbd30b
     /*
dbd30b
      * build a scopedPDU structure into spdu_buf
dbd30b
      */
dbd30b
-    spdu_buf_len = SNMP_MAX_MSG_SIZE;
dbd30b
+    spdu_buf_len = sizeof(spdu_buf);
dbd30b
     DEBUGDUMPSECTION("send", "ScopedPdu");
dbd30b
     cp = snmpv3_scopedPDU_header_build(pdu, spdu_buf, &spdu_buf_len,
dbd30b
                                        &spdu_hdr_e);
dbd30b
@@ -2743,6 +2743,11 @@ snmpv3_packet_build(netsnmp_session * se
dbd30b
      */
dbd30b
     DEBUGPRINTPDUTYPE("send", ((pdu_data) ? *pdu_data : 0x00));
dbd30b
     if (pdu_data) {
dbd30b
+        if (cp + pdu_data_len > spdu_buf + sizeof(spdu_buf)) {
dbd30b
+            snmp_log(LOG_ERR, "%s: PDU too big (%" NETSNMP_PRIz "d > %" NETSNMP_PRIz "d)\n",
dbd30b
+                     __func__, pdu_data_len, sizeof(spdu_buf));
dbd30b
+            return -1;
dbd30b
+        }
dbd30b
         memcpy(cp, pdu_data, pdu_data_len);
dbd30b
         cp += pdu_data_len;
dbd30b
     } else {
dbd30b
@@ -2756,7 +2761,7 @@ snmpv3_packet_build(netsnmp_session * se
dbd30b
      * re-encode the actual ASN.1 length of the scopedPdu
dbd30b
      */
dbd30b
     spdu_len = cp - spdu_hdr_e; /* length of scopedPdu minus ASN.1 headers */
dbd30b
-    spdu_buf_len = SNMP_MAX_MSG_SIZE;
dbd30b
+    spdu_buf_len = sizeof(spdu_buf);
dbd30b
     if (asn_build_sequence(spdu_buf, &spdu_buf_len,
dbd30b
                            (u_char) (ASN_SEQUENCE | ASN_CONSTRUCTOR),
dbd30b
                            spdu_len) == NULL)
dbd30b
@@ -2769,7 +2774,7 @@ snmpv3_packet_build(netsnmp_session * se
dbd30b
      * message - the entire message to transmitted on the wire is returned
dbd30b
      */
dbd30b
     cp = NULL;
dbd30b
-    *out_length = SNMP_MAX_MSG_SIZE;
dbd30b
+    *out_length = sizeof(spdu_buf);
dbd30b
     DEBUGDUMPSECTION("send", "SM msgSecurityParameters");
dbd30b
     sptr = find_sec_mod(pdu->securityModel);
dbd30b
     if (sptr && sptr->encode_forward) {
dbd30b
dbd30b
diff -urNp a/include/net-snmp/library/default_store.h b/include/net-snmp/library/default_store.h
dbd30b
--- a/include/net-snmp/library/default_store.h	2022-03-07 10:50:12.425997555 +0100
dbd30b
+++ b/include/net-snmp/library/default_store.h	2022-03-07 12:51:07.968771327 +0100
dbd30b
@@ -96,7 +96,7 @@ extern          "C" {
dbd30b
 #define NETSNMP_DS_LIB_DNSSEC_WARN_ONLY     41 /* tread DNSSEC errors as warnings */
dbd30b
 #define NETSNMP_DS_LIB_CLIENT_ADDR_USES_PORT 42 /* NETSNMP_DS_LIB_CLIENT_ADDR includes address and also port */
dbd30b
 #define NETSNMP_DS_LIB_MAX_BOOL_ID          48 /* match NETSNMP_DS_MAX_SUBIDS */
dbd30b
-
dbd30b
+#define NETSNMP_DS_LIB_MSG_SEND_MAX        16
dbd30b
     /*
dbd30b
      * library integers 
dbd30b
      */
dbd30b
diff -urNp a/include/net-snmp/library/snmp.h b/include/net-snmp/library/snmp.h
dbd30b
--- a/include/net-snmp/library/snmp.h	2012-10-10 00:28:58.000000000 +0200
dbd30b
+++ b/include/net-snmp/library/snmp.h	2022-03-07 11:27:16.462066135 +0100
dbd30b
@@ -40,6 +40,7 @@ SOFTWARE.
dbd30b
 
dbd30b
 #define SNMP_MAX_LEN	    1500        /* typical maximum message size */
dbd30b
 #define SNMP_MIN_MAX_LEN    484 /* minimum maximum message size */
dbd30b
+#define SNMP_MAX_PACKET_LEN (0x7fffffff)
dbd30b
 
dbd30b
     /*
dbd30b
      * SNMP versions 
dbd30b
diff -urNp a/snmplib/snmp_api.c b/snmplib/snmp_api.c
dbd30b
--- a/snmplib/snmp_api.c	2022-03-07 10:50:12.533998393 +0100
dbd30b
+++ b/snmplib/snmp_api.c	2022-03-07 11:18:17.857183065 +0100
dbd30b
@@ -309,6 +309,24 @@ static const char *secLevelName[] = {
dbd30b
 };
dbd30b
 
dbd30b
 /*
dbd30b
+ * return configured max message size for outgoing packets
dbd30b
+ */
dbd30b
+int
dbd30b
+netsnmp_max_send_msg_size(void)
dbd30b
+{
dbd30b
+    u_int max = netsnmp_ds_get_int(NETSNMP_DS_LIBRARY_ID,
dbd30b
+                                   NETSNMP_DS_LIB_MSG_SEND_MAX);
dbd30b
+    if (0 == max)
dbd30b
+        max = SNMP_MAX_PACKET_LEN;
dbd30b
+    else if (max < SNMP_MIN_MAX_LEN)
dbd30b
+        max = SNMP_MIN_MAX_LEN; /* minimum max size per SNMP specs */
dbd30b
+    else if (max > SNMP_MAX_PACKET_LEN)
dbd30b
+        max = SNMP_MAX_PACKET_LEN;
dbd30b
+
dbd30b
+    return max;
dbd30b
+}
dbd30b
+
dbd30b
+/*
dbd30b
  * Multiple threads may changes these variables.
dbd30b
  * Suggest using the Single API, which does not use Sessions.
dbd30b
  *
dbd30b
@@ -737,7 +755,7 @@ snmp_sess_init(netsnmp_session * session
dbd30b
     session->retries = SNMP_DEFAULT_RETRIES;
dbd30b
     session->version = SNMP_DEFAULT_VERSION;
dbd30b
     session->securityModel = SNMP_DEFAULT_SECMODEL;
dbd30b
-    session->rcvMsgMaxSize = SNMP_MAX_MSG_SIZE;
dbd30b
+    session->rcvMsgMaxSize = netsnmp_max_send_msg_size();
dbd30b
     session->flags |= SNMP_FLAGS_DONT_PROBE;
dbd30b
 }
dbd30b