From 36d87318a859a8a9b5ab907ee12533936b25e0c1 Mon Sep 17 00:00:00 2001
From: rootvector2 <dxbnaveed.k@gmail.com>
Date: Mon, 16 Mar 2026 15:35:00 +0530
Subject: [PATCH] fix message length validation in ajp_msg_check_header

---
 modules/proxy/ajp_msg.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/proxy/ajp_msg.c b/modules/proxy/ajp_msg.c
index 3367b5df4aa..424f710fb00 100644
--- a/modules/proxy/ajp_msg.c
+++ b/modules/proxy/ajp_msg.c
@@ -166,7 +166,7 @@ apr_status_t ajp_msg_check_header(ajp_msg_t *msg, apr_size_t *len)
     msglen  = ((head[2] & 0xff) << 8);
     msglen += (head[3] & 0xFF);
 
-    if (msglen > msg->max_size) {
+    if (msglen > msg->max_size - AJP_HEADER_LEN) {
         ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL, APLOGNO(01081)
                      "ajp_msg_check_header() incoming message is "
                      "too big %" APR_SIZE_T_FMT ", max is %" APR_SIZE_T_FMT,