diff -up net-snmp-5.7.2/include/net-snmp/library/snmpusm.h.bz1809076 net-snmp-5.7.2/include/net-snmp/library/snmpusm.h

--- net-snmp-5.7.2/include/net-snmp/library/snmpusm.h.bz1809076	2020-03-02 14:11:34.000000000 +0100

+++ net-snmp-5.7.2/include/net-snmp/library/snmpusm.h	2020-03-02 14:05:12.000000000 +0100

@@ -34,6 +34,7 @@ extern          "C" {

      * Structures.

      */

     struct usmStateReference {

+        int             refcnt;

         char           *usr_name;

         size_t          usr_name_length;

         u_char         *usr_engine_id;

diff -up net-snmp-5.7.2/snmplib/snmp_client.c.bz1809076 net-snmp-5.7.2/snmplib/snmp_client.c

--- net-snmp-5.7.2/snmplib/snmp_client.c.bz1809076	2020-03-02 14:11:27.000000000 +0100

+++ net-snmp-5.7.2/snmplib/snmp_client.c	2020-03-02 14:03:40.000000000 +0100

@@ -391,27 +391,16 @@ _clone_pdu_header(netsnmp_pdu *pdu)

         return NULL;

     }

-    if (pdu != NULL && pdu->securityStateRef &&

-        pdu->command == SNMP_MSG_TRAP2) {

-

-        ret = usm_clone_usmStateReference((struct usmStateReference *) pdu->securityStateRef,

-                (struct usmStateReference **) &newpdu->securityStateRef );

-

-        if (ret)

-        {

+    sptr = find_sec_mod(newpdu->securityModel);

+    if (sptr && sptr->pdu_clone) {

+        /* call security model if it needs to know about this */

+        ret = sptr->pdu_clone(pdu, newpdu);

+        if (ret) {

             snmp_free_pdu(newpdu);

             return 0;

         }

     }

-    if ((sptr = find_sec_mod(newpdu->securityModel)) != NULL &&

-        sptr->pdu_clone != NULL) {

-        /*

-         * call security model if it needs to know about this 

-         */

-        (*sptr->pdu_clone) (pdu, newpdu);

-    }

-

     return newpdu;

 }

diff -up net-snmp-5.7.2/snmplib/snmpusm.c.bz1809076 net-snmp-5.7.2/snmplib/snmpusm.c

--- net-snmp-5.7.2/snmplib/snmpusm.c.bz1809076	2020-03-02 14:11:20.000000000 +0100

+++ net-snmp-5.7.2/snmplib/snmpusm.c	2020-03-02 14:08:30.000000000 +0100

@@ -192,43 +192,63 @@ free_enginetime_on_shutdown(int majorid,

 struct usmStateReference *

 usm_malloc_usmStateReference(void)

 {

-    struct usmStateReference *retval = (struct usmStateReference *)

-        calloc(1, sizeof(struct usmStateReference));

+    struct usmStateReference *retval;

+

+    retval = calloc(1, sizeof(struct usmStateReference));

+    if (retval)

+        retval->refcnt = 1;

     return retval;

 }                               /* end usm_malloc_usmStateReference() */

+static int

+usm_clone(netsnmp_pdu *pdu, netsnmp_pdu *new_pdu)

+{

+    struct usmStateReference *ref = pdu->securityStateRef;

+    struct usmStateReference **new_ref =

+        (struct usmStateReference **)&new_pdu->securityStateRef;

+    int ret = 0;

+

+    if (!ref)

+        return ret;

+

+    if (pdu->command == SNMP_MSG_TRAP2) {

+        netsnmp_assert(pdu->securityModel == SNMP_DEFAULT_SECMODEL);

+        ret = usm_clone_usmStateReference(ref, new_ref);

+    } else {

+        netsnmp_assert(ref == *new_ref);

+        ref->refcnt++;

+    }

+

+    return ret;

+}

 void

 usm_free_usmStateReference(void *old)

 {

-    struct usmStateReference *old_ref = (struct usmStateReference *) old;

+    struct usmStateReference *ref = old;

-    if (old_ref) {

+    if (!ref)

+        return;

-        if (old_ref->usr_name_length)

-            SNMP_FREE(old_ref->usr_name);

-        if (old_ref->usr_engine_id_length)

-            SNMP_FREE(old_ref->usr_engine_id);

-        if (old_ref->usr_auth_protocol_length)

-            SNMP_FREE(old_ref->usr_auth_protocol);

-        if (old_ref->usr_priv_protocol_length)

-            SNMP_FREE(old_ref->usr_priv_protocol);

-

-        if (old_ref->usr_auth_key_length && old_ref->usr_auth_key) {

-            SNMP_ZERO(old_ref->usr_auth_key, old_ref->usr_auth_key_length);

-            SNMP_FREE(old_ref->usr_auth_key);

-        }

-        if (old_ref->usr_priv_key_length && old_ref->usr_priv_key) {

-            SNMP_ZERO(old_ref->usr_priv_key, old_ref->usr_priv_key_length);

-            SNMP_FREE(old_ref->usr_priv_key);

-        }

+    if (--ref->refcnt > 0)

+        return;

-        SNMP_ZERO(old_ref, sizeof(*old_ref));

-        SNMP_FREE(old_ref);

+    SNMP_FREE(ref->usr_name);

+    SNMP_FREE(ref->usr_engine_id);

+    SNMP_FREE(ref->usr_auth_protocol);

+    SNMP_FREE(ref->usr_priv_protocol);

+    if (ref->usr_auth_key_length && ref->usr_auth_key) {

+        SNMP_ZERO(ref->usr_auth_key, ref->usr_auth_key_length);

+        SNMP_FREE(ref->usr_auth_key);

+    }

+    if (ref->usr_priv_key_length && ref->usr_priv_key) {

+        SNMP_ZERO(ref->usr_priv_key, ref->usr_priv_key_length);

+        SNMP_FREE(ref->usr_priv_key);

     }

+    SNMP_FREE(ref);

 }                               /* end usm_free_usmStateReference() */

 struct usmUser *

@@ -3184,6 +3204,7 @@ init_usm(void)

     def->encode_reverse = usm_secmod_rgenerate_out_msg;

     def->encode_forward = usm_secmod_generate_out_msg;

     def->decode = usm_secmod_process_in_msg;

+    def->pdu_clone = usm_clone;

     def->pdu_free_state_ref = usm_free_usmStateReference;

     def->session_setup = usm_session_init;

     def->handle_report = usm_handle_report;